Finals Flashcards

1
Q

John requires a data center full of the needed computing gear to support his company’s operations where all computing is owned and operated by a single corporate entity. Which of the following computing types will accomplish John’s requirement?

A. In-house computing
B. Client-server computing
C. Virtualized computing
D. Cloud computing

A

A. In-house computing

In-house computing requires a data center full of the needed computing gear to support the company’s operation. Engineers are needed to tend to the operating systems, applications, storage, and networks and all computing is owned and operated by a single corporate entity.

Answers B, C, and D are incorrect. According to John’s requirement, client-server computing, virtualized computing, and cloud computing are not the correct options.

Chapter 1 page 4

2
Q

Maria has noticed an increase in the response time of the NoSQL application she runs in her IaaS cloud deployment. When comparing current results against her baseline measurements that she recorded when the database was originally deployed, she verified that there has been a steady increase in the number of read requests. You have been asked to evaluate the baseline variances. Where should you focus your troubleshooting efforts?

A. Memory
B. CPU
C. Storage
D. Networking

A

C. Storage

Database read and write requests utilize storage I/O, so storage should be the focus for troubleshooting.

Answers A, B, and D are incorrect. Memory, CPU, and networking are not used to evaluate the baseline variances; therefore, they cannot be the focus for troubleshooting.

Chapter 1

3
Q

Which of the following is a virtual PC desktop that is hosted in the cloud and accessed remotely by thin clients?

A. DaaS
B. VPN
C. NIDS
D. CaaS

A

A. DaaS

Desktops as a Service (DaaS) is a virtual PC desktop that is hosted in the cloud and accessed remotely by thin clients.

VPN is incorrect. A virtual private network (VPN) is a private communication network transmitted across a public, typically insecure, network connection.

NIDS is incorrect. Network intrusion detection system (NIDS) is a system that monitors network traffic and restricts or alerts when unacceptable traffic is seen in a system.

CaaS is incorrect. Communications as a Service (CaaS) includes cloud-hosted voice, video conferencing, instant messaging, e-mail collaboration and other communication services.

Chapter 1 page 10

4
Q

Art plans to implement a site backup plan for his company’s inventory control database. To ensure a low RTO, he has decided to contract with multiple public cloud providers to back up each other. He is reviewing the service models as he prepares his migration plans. Which service model has the most lock-ins and is the most complex to migrate?

A. IaaS
B. PaaS
C. SaaS
D. XaaS

A

C. SaaS

The higher up the services stack you go from IaaS to PaaS, the more difficult it will be to migrate. With IaaS, most of the cloud operations are under your direct control, which gives you the most flexibility to migrate. However, if the cloud provider controls the application, you may not have many migration options because of proprietary implementations.

Answer A is incorrect. Infrastructure as a Service offers the customer the most flexibility of any of the e-service models.

Answer B is incorrect. Platform as a Service offers operating system maintenance to be provided by the service provider, and you are responsible for the installation and maintenance of the application.

Answer D is incorrect. Anything as a Service (XaaS) offers complete IT services as a package and is a broad term that is a catchall for the various service offerings.

Chapter 1

5
Q

Which of the following is the practice of testing a computer system, network, or web application to find security vulnerabilities that an attacker could exploit?

A. Vulnerability scanning
B. Penetration testing
C. Load testing
D. Baselining

A

B. Penetration testing

Penetration testing is the practice of testing a computer system, network, or web application to find security vulnerabilities that an attacker could exploit. It can be automated with software applications or performed manually.

Answer A is incorrect. Vulnerability scanning is used to find objects in your cloud deployment that can be exploited or are potential security threats.

Answer C is incorrect. Load testing determines how your applications and cloud deployment can be expected to perform in times of heavy production usage.

Answer D is incorrect. Baselining is not a type of cloud testing. It is the process of collecting data and providing trend analysis and capacity utilization information measured over time to determine average or expected metrics of a service in a normal operation.

Chapter 1

6
Q

Which of the following is a host service that is located remotely from a company’s data center?

A. Resource pooling
B. Off-premise
C. On-demand
D. Measured service

A

B. Off-premise

Off-premise is a hosting service that is located remotely from a company’s data center and is usually in a cloud service company’s data center.

Answer A is incorrect. Resource pooling is the allocation of compute resources into a group, or pool, and then these pools are made available to a multitenant cloud environment.

Answer C is incorrect. On-demand cloud service allows the cloud customer to access a self-service portal and instantly create additional servers, storage, processing power, or any other services as required.

Answer D is incorrect. Measured service refers to the cloud provider’s ability to monitor and meter the customer’s use of resources.

Chapter 1

7
Q

Your company has decided to interconnect its cloud services with three different service providers. What type of cloud delivery model is it creating?

A. Public
B. Community
C. Private
D. Hybrid

A

D. Hybrid

A hybrid cloud is a combination of two or more clouds that remain distinct but are bound together, offering the benefits of multiple deployment models.

Answer A is incorrect. A public cloud provides its services over a network that is open for public use.

Answer B is incorrect. A community cloud is where multiple organizations from a specific community with common interests share the cloud infrastructure.

Answer C is incorrect. A private cloud is a cloud infrastructure operated solely for a single organization. It can be managed internally or by a third party, and hosted either internally or externally.

Chapter 1

8
Q

Which of the following controls network traffic between VMs, including VMs hosted on the same server and VMs hosted on other servers on the physical network?

A. NIC
B. Virtual switch
C. Firewall
D. VPN

A

B. Virtual switch

A virtual switch controls network traffic between VMs, including VMs hosted on the same server and VMs hosted on other servers on the physical network. It allows multiple networks to run through a single physical network. It can be configured to provide access to local or external network resources for one or more virtual machines.

Answer A is incorrect. A network interface card (NIC), also known as a network adapter, is an expansion card installed in a computer. It provides an interface for connecting the computer to a LAN.

Answer C is incorrect. A firewall is configured to stop suspicious or unsolicited incoming traffic. It uses complex filtering algorithms that analyze incoming network data based on destination and source addresses, port numbers, and data types.

Answer D is incorrect. A virtual private network (VPN) is a private communication network transmitted across a public, typically insecure, network connection.

Chapter 1

9
Q

Which of the following networks is used in the creation and testing of new cloud-based services and is primarily used by software programmers and DevOps groups in the creation of new applications and services?

A. Production network
B. Quality Assurance network
C. Development network
D. Storage area network

A

C. Development network

The development network is used in the creation and testing of new cloud-based services and is primarily used by software programmers and DevOps groups in the creation of new applications and services.

Answer A is incorrect. Production networks are the live and in-use applications that are usually public-facing in the cloud.

Answer B is incorrect. Quality assurance networks are the ongoing offline maintenance networks used for the testing of your company’s applications and software systems.

Answer D is incorrect. Storage area networks exist in the cloud for use by cloud service consumers. Common storage media are solid-state drives (SSDs) and magnetic physical drives.

Chapter 1 (page 19)

10
Q

You are evaluating the physical layout of a large public cloud company. Your company’s operations require local data centers in Japan, Kuwait, Berlin, and Chicago to host low-latency web services for your customers. What cloud architecture should you implement?

A. Regions
B. Auto-scaling groups
C. Availability zones
D. Global DNS affinity

A

A. Regions

Cloud operators segment their operations for customer proximity, regulatory compliance, resiliency, and survivability.
Large cloud operations will actually partition operations into regions for fault tolerance and to offer localized performance advantages. A region is not a monolithic data center but rather a geographical area of presence.

Answer B is incorrect. Auto-scaling groups are used for adding and removing capacity, and vertical scaling is expanding a server.

Answer C is incorrect. The actual data centers in each region are referred to as availability zones.

Answer D is incorrect. Global DNS affinity is referred to as the free Domain Name System (DNS) services offered to Internet users world-wide.

Chapter 1 page 27

11
Q

An organization wants to create a server VM that is segregated from the rest of the servers. Which of the following should the server administrator configure?

A. HBA
B. VPN
C. VNIC
D. iSCSI

A

C. VNIC

Virtual Network Interface Card (VNIC) is a program that virtualizes a physical network interface card, and is used by a virtual machine as its network interface. It enables the virtual machine to communicate with other virtual machines on the same host, but not on physical networks unless it is configured to bridge to the host NIC.

Answer A is incorrect. Host Bus Adapter (HBA) is an adapter that provides input/output (I/O) processing and physical connectivity between a server and a storage device.

Answer B is incorrect. Virtual Private Network (VPN) is a private communication network transmitted across a public network connection such as the Internet. It is a secured network connection made over an insecure network.

Answer D is incorrect. Internet Small Computer System Interface (iSCSI) is an IP-based storage networking standard for linking data storage facilities.

Chapter 1

12
Q

Cheryl is deploying a new MySQL database in her private cloud. She needs a fault-tolerant solution and plans to create read replicas of the database in a different availability zone. For performance reasons, she has decided to update the replica in near real time after the initial write operation on the primary database. What type of solution is this?

A. Synchronous
B. Asynchronous
C. Volume sync
D. Remote mirroring
E. RAID 5

A

B. Asynchronous

Asynchronous replication is when data is written to the primary first and then later a copy is written to the remote site on a scheduled arrangement or in near real time.

Answer A is incorrect. Synchronous replication is the process of replicating data in real time from the primary storage system to a remote facility.

Answer C is incorrect. Volume sync allows a user to choose which volume streams automatically sync with the ringer volume as the user changes it.

Answer D is incorrect. Remote mirroring provides data accessibility protection for an application using physically separate locations.

Answer E is incorrect. RAID 5 has parity information that is striped across multiple drives that allows the drive array to be rebuilt if a single drive in the array fails.

Chapter 2 (#07)

13
Q

To ease the management requirements for the operations group, you are being asked to streamline user access control for your storage operations group. Many users and applications require rights to manage storage buckets and then put in a change request to have their rights removed when the change is completed. What rights management solution would you recommend to operations that reduces the labor of adding and removing users to the bucket storage management group?

A. Mandatory access control
B. Nondiscretionary
C. Roles
D. Multifactor

A

C. Roles

The question outlines the function of a role-based access control approach.

Answer A is incorrect. The mandatory access control approach is implemented in high-security environments where access to sensitive data needs to be highly controlled.

Answer B is incorrect. Nondiscretionary access control defines a set of rules to allow or deny access to an object, system, or service in the cloud.

Answer D is incorrect. Multifactor authentication adds an additional layer of authentication by adding token-based systems in addition to the traditional username and password authentication model.

Chapter 2 (#12)

14
Q

You are preparing a presentation to your company’s IT management that explains physical resources that become virtualized and presented as resources to virtual machines running on hypervisors. What resources do the hypervisors consume?
Each correct answer represents a complete solution. Choose two.

A. Bare-metal cores
B. Virtual RAM
C. Virtual CPUs
D. RAID
E. Virtual storage

A

B. Virtual RAM
E. Virtual storage

A hypervisor virtualizes RAM and storage; the VMs operating on the hypervisor will access these pools.

Answers A, C, and D are incorrect. A hypervisor will not consume bare-metal cores, virtual CPUs, and RAID.

Chapter 2 (#21)

15
Q

Martha has configured a storage infrastructure where the file server sitting on an Ethernet-based LAN hosts shared directories, and files are sent over the network rather than blocks of data. What type of storage configuration is this?

A. Direct-attached storage
B. Network-attached storage
C. Storage area networks
D. Object-based storage

A

B. Network-attached storage

A file server sitting on an Ethernet-based LAN and hosting shared directories is a type of network-attached storage (NAS). In a NAS configuration, files are sent over the network rather than blocks of data as in a storage area network.

Answer A is incorrect. A computer, laptop, or other computing device that has its own storage directly connected is considered to be direct-attached storage.

Answer C is incorrect. A storage area network (SAN) is a high-speed, highly redundant network completely dedicated to interconnecting storage devices.

Answer D is incorrect. Object-based storage is commonly found in cloud storage deployments and is different from the common file storage technologies such as file and block modes.

Chapter 2 (#22)

16
Q

Which of the following regulatory requirements concerns a business’s nonfinancial reporting controls for the availability, confidentiality, privacy, processing integrity, and security of a system?

A. SOC 1
B. SOC 2
C. SOC 3
D. ISO 27001

A

B. SOC 2

The Service Organization Controls 2 (SOC 2) report concerns a business’s nonfinancial reporting controls for the availability, confidentiality, privacy, processing integrity, and security of a system.

Answer A is incorrect. The SOC 1 report outlines the internal controls of financial reporting operations.

Answer C is incorrect. The SOC 3 report is for the public disclosure of financial controls and security reporting.

Answer D is incorrect. ISO 27001 is the International Organization for Standardization (ISO) standards for quality that ensure the cloud provider meets all regulatory and statutory requirements for its product and service offerings.

Chapter 3 (#01)

17
Q

Cathy is preparing her company’s migration plan from a private to a hybrid cloud. She wants to outline firewall and DDoS requirements. What document should she create?

A. DIACAP
B. Security policy
C. Service level agreement
D. SOC 2

A

B. Security policy

The security policy outlines all aspects of your cloud security posture.

Answer A is incorrect. DIACAP (Department of Defense Information Assurance Certification and Accreditation Process) is the process for computer system IT security.

Answer C is incorrect. The service level agreement is a document that outlines specific metrics and the minimum performance or availability level and outlines the penalties for failing to meet the metrics.

Answer D is incorrect. The SOC 2 (Service Organization Controls 2) report concerns a business’s nonfinancial reporting controls for the availability, confidentiality, privacy, processing integrity, and security of a system.

Chapter 3 (#04)

18
Q

Allison is working on her company’s new e-commerce rollout at a large public cloud provider. She wants to secure all web traffic between the client and her site when a user proceeds to checkout and places orders. What security protocol would she be implementing?

A. MD5
B. SSL/TLS
C. IPsec
D. VPN

A

B. SSL/TLS

SSL/TLS is commonly used in browsers and smartphone applications for secure web access.

Answer A is incorrect. MD5 is a hash algorithm; therefore, it does not apply to the question.

Answer C is incorrect. IPsec is a security framework; therefore, it does not apply to the question.

Answer D is incorrect. VPNs are not as common as SSL/TLS for the scenario given.

Chapter 3 (#05)

19
Q

Brad has been tasked with encrypting data in flight into his e-commerce presence in a community cloud. He is investigating a standards-based secure solution that web customers can easily implement to ensure secure transactions. What is a good solution that you would recommend to Brad?

A. ARP
B. 3DES
C. SSL
D. IPsec

A

C. SSL

Secure sockets layer (SSL) makes up a protocol group that operates on top of TCP to provide an encrypted session between the client and the server. It is commonly seen on websites implemented as the Hypertext Transport Protocol Secure (HTTPS) protocol.

Answer A is incorrect. Address Resolution Protocol (ARP) is a communication protocol that performs the translation between IP and MAC addresses.

Answer B is incorrect. Triple-Data Encryption Standard (3DES) is a symmetric encryption algorithm that encrypts data by processing each block of data three times using a different key each time.

Answer D is incorrect. Internet Protocol Security (IPsec) is a protocol used to protect data flow between a pair of hosts, between a pair of security gateways, or between a security gateway and a host.

Chapter 3 (#09) page 109

20
Q

Which of the following types of deployments is referred to as a multi-availability zone architecture?

A. Storage segmentation
B. Cloud segmentation
C. Computing segmentation
D. Multifactor segmentation

A

B. Cloud segmentation

Cloud segmentation is the process of dividing your cloud deployment into sections to allow for granular security policies to be applied. It is referred to as a multi-availability zone architecture.

Answer A is incorrect. Storage segmentation is used to separate cloud data stores and storage offerings to meet a customer’s requirements.

Answer C is incorrect. Computing segmentation is commonly referred to as three-tier architecture.

Answer D is incorrect. There is no such type of segmentation.

Chapter 4 (#16) page 132

21
Q

Hank is researching the methods that his network operations center can use to access the Berlin hosted servers operating in a hybrid cloud configuration. Which of the following are not viable methods?
Each correct answer represents a complete solution. Choose all that apply.

A. RDP
B. Telnet
C. IDS/IPS
D. DNS
E. SSH

A

C. IDS/IPS
D. DNS

Common remote access protocols include RDP, Telnet, and SSH. IDS/IPS are for intrusion detection, and DNS is for domain name to IP address mappings and is not a utility for remote access.

Answers A, B, and E are incorrect. RDP, Telnet, and SSH are VIABLE methods for remote access.

Chapter 4 (#23)

22
Q

James, a cloud architect, created a new delivery controller for a large VM farm to scale up according to organizational needs. The old and new delivery controllers now form a cluster. However, the new delivery controller returns an error when entering the license code. Which of the following is the most likely cause?

A. Telnet
B. SSL
C. DHCP
D. Firewall

A

D. Firewall

A firewall is any software or hardware device that protects a system or network by blocking unwanted network traffic. Firewalls generally are configured to stop suspicious or unsolicited incoming traffic through a process called implicit deny: all incoming traffic is blocked by default, except for traffic explicitly allowed by the firewall (i.e., a whitelist). At the same time, firewalls permit most types of outgoing traffic. The types of traffic blocked or permitted through a firewall are configured using predefined rule sets. Information about the incoming or outgoing connections can be saved to a log and used for network monitoring or hardening purposes.

Answer A is incorrect. Telecommunications Network (Telnet) is a terminal emulation protocol that enables users at one site to simulate a session on a remote host as if the terminal were directly attached.

Answer B is incorrect. Secure Sockets Layer (SSL) is a security protocol that combines digital certificates for authentication with public key data encryption.

Answer C is incorrect. Dynamic Host Configuration Protocol (DHCP) is a network service that provides automatic assignment of IP addresses and other TCP/IP configuration information.

Chapter 4 (#28)

23
Q

You have designed a web architecture that allows you to have an exact copy of your production fleet that can be brought online to replace your existing deployment for patching and maintenance. What type of model did you implement?

A. Cluster
B. DevOps
C. Blue-green
D. Rolling

A

C. Blue-green

Blue-green is a software deployment methodology that uses two configurations for production that are identical to each other. These deployments can alternate between each other, with one being active and the other being inactive.

Answer A is incorrect. Clusters are groups of computers interconnected by a local area network and are tightly coupled together.

Answer B is incorrect. The DevOps team evaluates the patches and integrates them into their product.

Answer D is incorrect. The rolling configuration will sequentially upgrade the web servers without causing a complete outage and would meet the requirements outlined in the question.

Chapter 5 (#3) page 159

24
Q

Cheryl is preparing to perform a major upgrade on a critical virtual machine. She wants to have a back-out plan if the upgrade validation fails. What virtual machine backup method creates a file-based image of the current state of a VM including the complete operating system and all applications that are stored on it that she can use to restore the VM if the testing of the upgrade fails?

A. Full backup
B. Snapshot
C. Clone
D. Replicate

A

B. Snapshot

A snapshot is a file-based image of the current state of a VM including the complete operating systems and all applications that are stored in it. The snapshot will record the data on the disk, its current state, and the VM’s configuration at that instant in time and can be restored to operational state if needed.

Answer A is incorrect. Full backups are generally performed on a routine backup schedule.

Answer C is incorrect. A clone is an identical copy of the data that may be a storage volume, a filesystem, or a logical unit number (LUN) on a storage area network (SAN).

Answer D is incorrect. Replicas are backup copies of data that can be stored either locally or remotely that can act as alternative data stores from your main production operations.

Chapter 5 page 168 (#05)

25
Q

Which of the following creates an identical copy of the data that may be a storage volume, a filesystem, or a logical unit number (LUN) on a storage area network (SAN)?

A. Full backup
B. Cloning
C. Snapshot
D. Replicate

A

B. Cloning

Cloning creates an identical copy of the data that may be a storage volume, a filesystem, or the logical unit number (LUN) on a storage area network (SAN).

Answer A is incorrect. Full backups are generally performed on a routine backup schedule.

Answer C is incorrect. A snapshot is a file-based image of the current state of a VM including the complete operating systems and all applications that are stored in it.

Answer D is incorrect. Replicas are backup copies of data that can be stored either locally or remotely that can act as alternative data stores from your main production operations.

Chapter 5 page 168 (Week 4 #07)

26
Q

Jill is performing a Tuesday night backup of a Tier 2 storage volume on which she already completed a full backup on Sunday night. She only wants to back up files based on changes on the source data since the last backup. What type of backup is she performing?

A. Full
B. Differential
C. Incremental
D. Online

A

C. Incremental

Incremental backups are operations based on changes on the source data since the last incremental backup was performed.

Answer A is incorrect. Full backups are generally performed on a routine backup schedule.

Answer B is incorrect. Differential backups allow for efficient and significantly smaller backup operations.

Answer D is incorrect. Online backups offer an always available method to store and retrieve data.

Chapter 5 page 169 (#10)

27
Q

Jennifer, a cloud administrator, is provisioning five VMs, each with a minimum of 8 GB of RAM and a varying load throughout the day. The hypervisor has only 32 GB of RAM. Which of the following features should the administrator use?

A. Business continuity
B. Asynchronous replication
C. Process scheduling
D. Synchronous replication

A

C. Process scheduling

Process scheduling is the activity of the process manager that handles the removal of the running process and the selection of another process on the basis of a particular strategy. It is an essential part of multiprogramming operating systems.

Answer A is incorrect. Business continuity is a defined set of planning and preparatory activities that are used during a serious incident or disaster to ensure that an organization’s critical business functions will continue to operate or will be recovered to an operational state within a reasonably short period.

Answer B is incorrect. Asynchronous replication works off a store-and-forward model and is a cost-effective protection and backup solution. With asynchronous replication, the data is first written to the primary storage system in the primary storage facility or cloud location.

Answer D is incorrect. Synchronous replication is the process of replicating data in real time from the primary storage system to a remote facility. It allows you to store current data at a remote location from the primary data center that can be brought online with a short recovery time and limited loss of data.

Week 4 - Chapter 5 (#12)

28
Q

Which deployment system offers a structured process for a series of actions that should be taken in order to complete a process?

A. NTP
B. API
C. Workflow
D. Orchestration

A

C. Workflow

Workflow automation defines a structured process for a series of actions that should be taken to complete a process. With cloud-based workflow services, special workflow applications are offered as a managed service that creates a defined sequence of events, or workflow, with each procedure tracked and passed to the next process in the workflow.

Answer A is incorrect. Network Time Protocol (NTP) allows all devices to synchronize to a central clock or time service.

Answer B is incorrect. Application programming interface (API) defines how software components interact with each other.

Answer D is incorrect. Orchestration automates the provisioning of cloud services and often includes a self-service dashboard which allows the consumer to manage and deploy cloud services with a web browser.

Chapter 5 page 163 (Week 4 #13)

29
Q

During a disaster recovery switchover, which network services may need to be modified as part of a multisite failover to the backup site?

A. DNS
B. DHCP
C. SSH
D. FTP
E. IPsec

A

A. DNS
B. DHCP
D. FTP

The network disaster recovery services that need to be addressed are DNS (Domain Name Services), DHCP (Dynamic Host Configuration Protocol), FTP (File Transfer Protocol), Active Directory, RADIUS (Remote Authentication Dial-In User Services), and Terminal Access Controller Access-Control System (TACACS). These services are well suited for a multisite deployment that offers failover in case of an outage.

Answer C is incorrect. Secure Shell (SSH) is an encrypted command-line interface utility used to access a remote device.

Answer E is incorrect. Internet Protocol Security (IPsec) is a set of open, non-proprietary standards that can be used to secure data as it travels across the network or the Internet through data authentication and encryption.

Chapter 6 page 186 (Week4 #20)

30
Q

Allison is preparing to modify a network access control list and add three firewall rules to her private cloud HR systems. She is planning on submitting a detailed plan to accomplish these tasks. Which process is Allison following?

A. MTSR
B. Patch management
C. Change management
D. Trigger

A

C. Change management

Change management includes recording the change, planning for the change, testing the documentation, getting approvals, evaluating and validating, writing instructions for backing out the change if needed, and doing a post-change review if desired.

Answer A is incorrect. Mean time system recovery (MTSR) is the time for a resilient system to complete a recovery from a service failure.

Answer B is incorrect. Patch management is the practice of monitoring, obtaining, evaluating, testing, and deploying service patches and updates.

Answer D is incorrect. Trigger is the process of initiating an event report based on a metric value or threshold that is considered to be outside your baseline.

Chapter 7 page 222 (Week5 #03)

31
Q

Which of the following statements are true of cloud bursting?
Each correct answer represents a part of the solution. Choose all that apply.

A. It does not require compatibility between the designated public cloud platform and the private cloud.

B. It is recommended for non-critical applications that handle non-sensitive information.

C. It is an application deployment model in a hybrid cloud setup.

D. It is used to move out applications to the public cloud to free up local resources to run business applications.

A

B. It is recommended for non-critical applications that handle non-sensitive information.
C. It is an application deployment model in a hybrid cloud setup.
D. It is used to move out applications to the public cloud to free up local resources to run business applications.

Here are the correct statements about cloud bursting:
It is recommended for non-critical applications that handle non-sensitive information.
It is an application deployment model in a hybrid cloud setup.
It is used to move out applications to the public cloud to free up local resources to run business applications.

Answer A is incorrect. One of the major limitations of cloud bursting is that the designated public cloud platform should be fully compatible with the private cloud to successfully run the bursting applications.

Chapter 7 page 224 (Week5 #11)

32
Q

What is the term associated with using a second cloud to accommodate peak loads?

A. Elasticity
B. Vertical-scaling
C. Auto-scaling
D. Bursting

A

D. Bursting

Cloud bursting allows for adding capacity from another cloud service during times when additional resources are needed.

Answer A is incorrect. Elasticity allows for cloud services to expand and contract based on actual usage and would be applicable to increasing storage capacity.

Answer B is incorrect. Vertical-scaling adds resources such as CPU instances or more RAM.

Answer C is incorrect. Auto-scaling is the automated process of adding and removing capacity.

Chapter 7 page 224/225 (Week5 # 23)

33
Q

Cloud bursting can alleviate which of the following attacks?

A. Brute force
B. XSS
C. Buffer overflow
D. DDoS

A

D. DDoS

Cloud bursting is a hybrid model which is designed to use public cloud processing during times of increased load. This is often an economical approach to accessing additional resources when required. It can alleviate distributed denial of service (DDoS) attacks. A DDoS attack uses multiple computers on disparate networks to launch the attack from many simultaneous sources.

Answer A is incorrect. Brute force is an attack in which the attacker uses password-cracking software to attempt every possible alphanumeric password combination.

Answer B is incorrect. Cross-site scripting (XSS) is a web application attack where the attacker takes advantage of scripting and input validation vulnerabilities in an interactive website to attack legitimate users.

Answer C is incorrect. Buffer overflow is an application attack that exploits fixed data buffer sizes in a target piece of software by sending data that is too large for the buffer.

Chapter 7 page (Week5 # 28)

34
Q

Which of the following is the variable delay between packets from source to destination?

A. Latency
B. Packet loss
C. QoS
D. Jitter

A

D. Jitter

Jitter is the variable delay between packets from source to destination. Excessive jitter will cause buffering and unpredictable performance for real-time traffic such as voice and video networks.

Answer A is incorrect. Latency is the time for a packet to travel from source to destination.

Answer B is incorrect. Packet loss is the percentage or number of packets that are dropped in the network.

Answer C is incorrect. Quality of Service (QoS) defines traffic priorities in the event of network congestion or impairments.

Chapter 8 page 248 (Week 6 #03)

35
Q

When monitoring performance metrics on one of your servers, you notice that the server is utilizing 100 percent of the network bandwidth available to it. What modification could you make to the server that will most likely address the problem?

A. Add memory to the system
B. Install a second network adapter
C. Update the network adapter’s firmware
D. Install a second processor

A

B. Install a second network adapter

If a server is using all of its network bandwidth, then the most logical solution is to add more. You can do this by installing a second network adapter and connecting it to a different subnet. The other solutions could conceivably address the problem but the success is less likely.

Chapter 8 (Week 6 #01)

36
Q

Which of the following is the process of upgrading or replacing a server with one that has greater capabilities?

A. Horizontal scaling
B. Elasticity
C. Autoscaling
D. Vertical scaling

A

D. Vertical scaling

Vertical scaling is the process of upgrading or replacing a server with one that has greater capabilities.

Answer A is incorrect. Horizontal scaling is the process of adding cloud capacity by expanding your current server fleet by adding systems.

Answer B is incorrect. Elasticity is the ability to automatically and dynamically add additional resources such as storage, CPUs, memory, and servers in the cloud.

Answer C is incorrect. Autoscaling is the dynamic process of adding and removing cloud capacity.

Answer D is incorrect.

Chapter 8 page 253 (Week 6 #02)

37
Q

Which of the following is the process of adding cloud capacity by expanding your current server fleet by adding systems?

A. Horizontal scaling
B. Elasticity
C. Autoscaling
D. Vertical scaling

A

A. Horizontal scaling

Horizontal scaling is the process of adding cloud capacity by expanding your current server fleet by adding systems, compared to vertical scaling, which is replacing servers with a larger instance that meets your new requirements. It works well for applications that are designed to work in parallel such as web servers.

Answer B is incorrect. Elasticity is the ability to automatically and dynamically add additional resources such as storage, CPUs, memory, and servers in the cloud.

Answer C is incorrect. Autoscaling is the dynamic process of adding and removing cloud capacity.

Answer D is incorrect. Vertical scaling is the process of upgrading or replacing a server with one that has greater capabilities.

Chapter 8 page 254 (Week 6 #04)

38
Q

Jennifer is writing a change management plan to increase the processing abilities of one of her middleware servers. Which of the following components can she upgrade to increase server performance?
Each correct answer represents a complete solution. Choose all that apply.

A. CPU
B. SLA
C. RAM
D. Network I/O
E. DNS

A

A. CPU
C. RAM
D. Network I/O

Server performance can be increased by adding additional CPU processing, memory, and network capacity. SLA, ACL, and DNS are not related to increasing server capacity.

Answer B is incorrect. A service-level agreement (SLA) outlines specific metrics and the minimum performance provided by the cloud provider.

Answer E is incorrect. Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resources, which is associated with the Internet or a private network.

Chapter 8 page (Week 6 #05)

39
Q

What is the term when memory, CPU, and storage are virtualized and allocated by the hypervisor?

A

Resource pooling

Resource pooling is when the cloud service provider allocates resources into a group, or pool, and then these pools are made available to a multitenant cloud environment.

Chapter 1 (page 16)

40
Q

What technology enables on-demand computing?

A

Virtualization

Chapter 1

41
Q

Jill subscribed to a cloud service that provides a virtual server platform but not the operation or applications. What cloud service is she implementing?

A

IaaS

Chapter 1

42
Q

Pete is modifying VLANs on his type 1 hypervisor to group virtual servers together. What is he configuring?

A

Virtual switch

Chapter 1

43
Q

BigCo has asked you as a Cloud+ consultant to interconnect its private cloud to a community cloud to access a human resource application. What type of cloud delivery model would you implement?

A

Hybrid

Chapter 1

44
Q

Ichika is preparing a change management plan to increase the processing abilities of one of her middleware servers. What components can she upgrade to increase server performance?
Each correct answer represents a complete solution. Choose three.

A. CPU
B. SLA
C. RAM
D. Network I/O
E. ACL
F. DNS

A

A. CPU
C. RAM
D. Network I/O

Server performance can be increased by adding CPU processing, memory, and network capacity.

Answers B, E, and F are incorrect. SLA, ACL, and DNS are not related to increasing server capacity.

Chapter 2

45
Q

You have been hired as a cloud architect at a large corporation that maintains their own operations in six different data centers that are geographically diverse for high availability. What deployment model is this?

A. Hybrid
B. Public
C. Private
D. Community

A

C. Private

A private cloud model is used by a single organization but it may be used by many units of a company. It can be wholly owned by the organization, a third-party provider, or a combination. It can also be hosted either on-site or off-premise at a hosting facility and is usually identified as using dedicated hardware rather than a shared hardware design.

Answer A is incorrect. In a hybrid cloud, more than one cloud service is utilized.

Answer B is incorrect. The public cloud is generally where the hyperscale data centers are, and massive scaling takes place.

Answer D is incorrect. A community cloud is a cloud where users with common interests or requirements access shared resources.

Chapter 2

46
Q

What technology allows for a secure connection over an insecure network?

A. Direct peering
B. IDS
C. VPN
D. AES-256
E. RDP

A

C. VPN

Virtual private network (VPN) allows for a secure encrypted connection over an insecure network such as the Internet. It is commonly used for encrypted access to cloud services from a remote location. It is also used to create business-to-business connections that use a public network and save the expense of a private dedicated circuit.

Answer A is incorrect. Direct peering is used to establish a direct peering connection between the two parties.

Answer B is incorrect. The intrusion detection system (IDS) alerts a management system or is configured to send out e-mails or text notifications if an attack is discovered.

Answer D is incorrect. AES-256 is a storage encryption algorithm which is used to encrypt the data at rest and in transit.

Answer E is incorrect. The Remote Desktop Protocol (RDP) allows remote access to Windows devices. Microsoft calls the application Remote Desktop Services.

Chapter 2

47
Q

James is requesting assistance in configuring a cloud solution that allows him to access his server fleet’s management console hosted in a community cloud. He wants you to recommend a solution that allows access over the Internet from multiple remote locations. What solution would you recommend James use?

A. Load balancing
B. Automation
C. VPN
D. Firewall

A

C. VPN

Virtual private network (VPN) allows for a secure encrypted connection over an insecure network such as the Internet. It is commonly used for encrypted access to cloud services from a remote location. It is also used to create business-to-business connections that use a public network and save the expense of a private dedicated circuit.

Answer A is incorrect. Load balancing addresses the issues found when cloud workloads and connections increase to the point where a single server can no longer handle the workload or performance requirements of web, DNS, and FTP servers; firewalls; and other network services.

Answer B is incorrect. Automation allows for rapid response to security events and can stop an attempted breach in progress as well as record all events for forensic analysis of the event.

Answer D is incorrect. A firewall is installed inline in a network so that all traffic must pass through it as it transits from one network to another.

Chapter 2

48
Q

Hank is a security engineer for his publicly traded company. For secure logins, he requires users to log in with something they have and something they know. What type of authentication is this?

A

Multifactor

Multifactor or multilayer authentication adds an additional layer of authentication by adding a token-based system in addition to the traditional username and password authentication.

Chapter 2 (page 92)

49
Q

Connie is part of the cloud migration team at an insurance company. She is investigating a Windows server in the data center that runs natively on a high-end server platform. She wants to move it to an IaaS provider. What type of migration does she need to perform?

A

P2V

P2V (physical-to-virtual) migration means taking a server that is running an operating system and application and then migrating it to a VM running on top of a hypervisor.

Chapter 2 (page 83)

50
Q

You have been brought in to assist a company’s project to move sensitive data to a public cloud. The company requires that the data be indecipherable if accessed by an authorized party. What general term is used to describe this operation?

A

Obfuscation

Obfuscation is a technique used to increase the security of storage data by making it difficult to read legitimate data stored in files. Using obfuscation processes on storage systems makes it difficult for hackers or hijackers to make sense of the stored data because the data is so deeply buried (obfuscated) with random data that it is hard to determine what is actual data and what is not.

Chapter 2 (page 79)

51
Q

As a security administrator of an enterprise data center, you need to check the operating systems that are being used in the company. You find one of the operating systems originally loads with unneeded services such as printing, various networking services such as DHCP, and an FTP server enabled. These services might expose the operating system to potential malicious activity. What will you do to harden the operating system?

A. Remove the services that are not in use
B. Disable the services that are not in use
C. Install antivirus
D. Implement host-based firewall security

A

B. Disable the services that are not in use

If an operating system originally loads with unneeded services such as printing, various networking services such as DHCP, and a web or FTP server enabled, they should be disabled so there is no longer any exposure for attacks on those entry points.

Answer A is incorrect. Removing the services is not an appropriate solution for the given scenario.

Answer C is incorrect. Antivirus software is an application that runs on a computer that can identify and remove viruses or malicious software from a system.

Answer D is incorrect. Implementing host-based firewall security would not solve the problem.

Chapter 3 page 114

52
Q

Jarleen is a consultant tasked with migrating Health Med Records Inc. customer records to a cloud-based service offering a long-term archival system. Which U.S. compliance mandate must her company align with?

A. SOC 3
B. HIPAA
C. MPAA
D. ISA 2701

A

B. HIPAA

The Health Insurance Portability and Accountability Act defines the standard for protecting medical data.

Answer A is incorrect. The Service Organization Controls 3 (SOC 3) reports are for public disclosure of financial controls and security reporting.

Answer C is incorrect. The Motion Picture Society of America Act (MPAA) published a set of best practices for storing, processing, and delivering protected media and content securely over the Internet.

Answer D is incorrect. The Internal Security Act allows for detention without trial or criminal charges under limited, legally defined circumstances.

Chapter 3 page 107

53
Q

You are a web server administrator of your company. You want to authenticate the end user for all the applications the user has been given rights to and eliminate further prompts when the user switches applications during the same session. Which approach of access control should you use?

A. Multifactor authentication
B. Single sign-on
C. Role-based access control
D. Mandatory access control

A

B. Single sign-on

You should use single sign-on (SSO), which is a session and user authentication service that permits a user to use one set of login credentials to access multiple applications. It authenticates the end user for all the applications the user has been given rights to and eliminates further prompts when the user switches applications during the same session. It is helpful for logging user activities as well as monitoring user accounts.

Answer A is incorrect. Multifactor authentication is an access control technique that requires several pieces of information to be granted access.

Answer C is incorrect. Role-based access control (RBAC) is a method in which access rights are granted to, or restricted from users based on which roles they perform in an organization.

Answer D is incorrect. The mandatory access control (MAC) approach is often found in high-security environments where access to sensitive data needs to be tightly controlled.

Chapter 3 page 122

54
Q

Porter is a cloud administrator who is configuring access for the storage administration team. He does not want to add rights for every user and is asking if there is a more efficient way to administer rights for the storage group. What user administrative approach would you recommend he implement?

A

Groups

User groups are containers that rights are assigned to. They make management more effective and streamlined than managing a large number of individual user accounts. The trick is to create a group for each use case that is needed. For example, groups can be created for the following: server, database, network, and storage administrators. Once the groups have been created, rights for the group that are required to access and manage objects are assigned to the group.

Chapter 3 page 117

55
Q

Mike works for a medical records company in the United States that is planning on migrating customer records to a public cloud to accommodate growth. You have been brought onto the migration team as a Cloud+ certified consultant. What governmental requirement must he ensure the cloud provider meets before considering them as a potential solution?

A

HIPAA

HIPAA is the Health Insurance Portability and Accountability Act. HIPAA defines the standard for protecting medical patient data. Companies that work with protected health information must ensure that all the required physical, network, and process security measures are in place and followed to meet HIPAA compliance requirements.

Chapter 3 page 107

56
Q

What corporate process document outlines a firm’s responsibility in safely deploying a fleet of database servers to the public cloud?

A

Security policy

A security policy is a document that defines your company’s cloud controls, organizational policies, responsibilities, and underlying technologies to secure your cloud deployment.

Chapter 3 page 104

57
Q

Sid is a security engineer at a large public cloud company. He is implementing a new security service that tracks activity across the network and actively shuts down malicious activity. What security application is he implementing?

A

Intrusion prevention system

Intrusion prevention system is more advanced than the IDS and can actively take measures to mitigate the attack with configuration scripts and methods to stop an attack that is underway. The IPS communicates with network devices such as routers and firewalls to apply rules to block the attack.

Chapter 4 page 142

58
Q

Charles wants to offer his user base a selection of two-factor authentication solutions. What two options are there?

A

key fob and smartphones

Hardware tokens are popular devices that allow you to access your authentication token; they are small devices that usually fit on a keychain and have a small screen that displays a changing ID number. This ID token is usually valid for only a few minutes at most and needs to be typed into the authentication dialog box along with your username and password.

Chapter 4 page 135

59
Q

Beth is asking you if there is a website that shows a high-level overview of her cloud deployment. What is this called?

A

dashboard

A common dashboard published by cloud companies shows the health of the operations in real time and is accessed using a web browser. One important use of alerting is for automation of troubleshooting, where a management application can alert an application to perform troubleshooting and problem resolution on the issue reported from the management application.

Chapter 4 page 139

60
Q

Trevor is implementing a security application that operates in each web server that faces the Internet. He wants to track malicious attacks. What solution is he implementing?

A

Host intrusion detection system

Host-based intrusion detection systems (HIDS) perform the same security functions as network based systems but run exclusively on each host computer or hypervisor. With IaaS deployments, you will have full control over the operating systems and their configurations in your deployment. This gives you the ability to install your preferred HIDS applications. For PaaS and SaaS, host based intrusion detection and prevention systems will be the responsibility of your cloud service provider.

Chapter 4 page 143

61
Q

Which of the following enables consumers to rent fully configured systems that are set up for specific purposes?

A. DaaS
B. PaaS
C. SAN
D. CaaS

A

B. PaaS

Platform as a Service (PaaS) is a cloud computing service that enables consumers to rent fully configured systems that are set up for specific purposes. It provides a platform allowing customers to develop, run, and manage applications without the complexity of building and maintaining the infrastructure typically associated with developing and launching an application.

Answer A is incorrect. Desktop as a Service (DaaS) is a virtual PC desktop that is hosted in the cloud and accessed remotely by thin clients.

Answer C is incorrect. Storage area network (SAN) is a specialized, high-speed network that provides block-level network access to storage.

Answer D is incorrect. Communications as a Service (CaaS) includes cloud-hosted voice, video conferencing, instant messaging, e-mail, collaboration, and other.

Chapter
Week 5 #1

62
Q

Samantha has been monitoring her cloud web server dashboard and notices that the CPU utilization on her company’s database servers has been consistently at more than 80 percent utilization. She checked her baselines and reported that 57 percent utilization is normal. What is she noticing?

A. MTTR
B. Variance
C. Trigger
D. Elasticity

A

B. Variance

Variance is the measurement of the spread between the baseline and measured result.

Answer A is incorrect. Mean time to repair (MTTR) is the time required to repair a damaged hardware component.

Answer C is incorrect. Trigger is the process of initiating an event report based on a metric value or threshold that is considered to be outside your baseline.

Answer D is incorrect. Elasticity is the ability to automatically and dynamically add resources such as storage, CPUs, memory, servers, and network capacity.

Chapter 7 page 217

63
Q

An organization’s IT department wants to know what its normal day-to-day web hit count is so it can plan for the upcoming holiday selling season. Jim’s job is to measure the incoming web requests and graph them against delay and missed connection counts. What type of data set is Jim producing?

A. Baseline
B. SOC 2
C. Benchmarking
D. SLA

A

A. Baseline

A baseline is a record of a device’s performance statistics under normal operating conditions. A network baseline documents the network’s current performance level and provides a quantitative basis for identifying abnormal or unacceptable performance. It can also reveal where bottlenecks are impeding performance, and provide evidence for upgrading devices to improve performance.

Answer B is incorrect. The SOC 2 report concerns a business’s nonfinancial reporting controls for the availability, confidentiality, privacy, processing integrity, and security of a system.

Answer C is incorrect. Benchmarking is taking sample performance metrics that need to be collected as part of the documentation process.

Answer D is incorrect. A service-level agreement (SLA) outlines specific metrics and the minimum performance provided by the cloud provider.

Chapter 7 page 217

64
Q

Peter has been tasked to develop a cross-cloud provider plan as part of his company’s business continuity plan. As he assesses the feasibility of migrating applications from one public cloud provider to another, what does he find is the service model that has the most lock-ins and is the most complex to migrate?

A. IaaS
B. PaaS
C. CaaS
D. SaaS

A

D. SaaS

Software as a Service (SaaS) is where the customer of the service accesses the application software that is owned and controlled by a cloud company, which has complete responsibility for the management and support of the application. It delivers cloud-managed applications as well as the underlying platform and infrastructure support.

Answer A is incorrect. Infrastructure as a Service (IaaS) offers computing hardware, storage, and networking but not the operating systems or applications.

Answer B is incorrect. Platform as a Service (PaaS) is a cloud computing service that enables consumers to rent fully configured systems that are set up for specific purposes.

Answer C is incorrect. Communication as a Service (CaaS) includes cloud-hosted voice, video conferencing, instant messaging, e-mail, collaboration, and other communication services.

Chapter 7 page 222

65
Q

Matt is preparing for an upcoming promotion his company is offering during a major soccer game. He needs to determine his options to add capacity to his company’s web server farm so it can handle the anticipated additional workload. You are brought in to consult with him on his options. What do you recommend as possible solutions?
Each correct answer represents a complete solution. Choose all that apply.

A. Vertical scaling
B. Horizontal scaling
C. Variance
D. Cloud bursting
E. Trigger

A

A. Vertical scaling
B. Horizontal scaling
D. Cloud bursting

Cloud computing operates with a utility business model that charges you only for the resources you consume. This model enables you to scale your cloud fleet to meet its current workload and be able to add and remove capacity as needed. There are many options to use elasticity to scale cloud operations including vertical and horizontal scaling and cloud bursting.

Answer C is incorrect. Variance is the measurement of the spread between the baseline and measured result.

Answer E is incorrect. Trigger is the process of initiating an event report based on a metric value or threshold that is considered to be outside your baseline.

Chapter 7

66
Q

Which of the following is the ability to automatically and dynamically add additional resources such as storage, CPUs, memory, and servers in the cloud?

A. Autoscaling
B. Variance
C. Elasticity
D. Trigger

A

C. Elasticity

Elasticity is the ability to automatically and dynamically add additional resources such as storage, CPUs, memory, and servers in the cloud.

Answer A is incorrect. Autoscaling is the dynamic process of adding and removing cloud capacity.

Answer B is incorrect. Variance is the measurement of the spread between the baseline and measured result.

Answer D is incorrect. Trigger is the process of initiating an event report based on a metric value or threshold that is considered to be outside your baseline.

Chapter 7 page 228

67
Q

Sam wants to create a full backup on Sunday and then during the week to back up only the files that have been modified since Sunday. As a Cloud+ consultant, what type of backup would you suggest?

A

Differential

A differential backup uses the latest full backup as a source data set, and with each additional sequential backup operation the differential backup will identify and back up only the data that has been modified since the last backup was performed. This allows for an efficient and significantly smaller backup operation.

Chapter 5 (page 169)

68
Q

Hank is asking about installing vendor software on his web servers to fix a known bug in the application. What type of fix is this?

A

Patch

A patch is an update that fixes a known bug or issues. The patch is a piece of software that is intended to update an application, operating system, or any other software-based system to fix or improve its operations.

Chapter 5 (page 162)

69
Q

Lori wants to back up a virtual machine image to use as a template for creating more VMs. What type of backup would you suggest she perform?

A

Clone

Cloning creates an identical copy of the data that may be a storage volume, a filesystem, or a logical unit number (LUN) on a storage area network (SAN).
Advantages of cloning include a complete image being available for restoration. Storage efficiency is very low as a clone takes as much storage space as the original source since all of the data is copied in the clone operation.

Chapter 5 (page 168)

70
Q

Randy wants to make a backup of a public cloud machine image before applying updates to the operating systems so he can roll back if needed. What type of backup would you suggest he implement?

A

Snapshot

Storage snapshots are a point-in-time copy of a storage volume or image that can be used as a backup to shorten recovery time objectives (RTOs) and recovery point objectives (RPOs).
The snapshot is a file-based image of the current state of a VM, including the complete operating systems and all applications that are stored on it.

Chapter 5 (page 164)

71
Q

Mindy works on her company’s private cloud operation center. She knows that there are a number of virtual server upgrades taking place and notices on the network health status dashboard that there are a number of servers with alarms. What are two common causes for the alarms?

A

Shutdowns and restarts

The restart process can be monitored through the management systems and dashboards that are offered by the cloud provider.
A shutdown may be desired if you choose to retain the VM and its applications but do not need it to be active.

Chapter 5 (page 166)

72
Q

Cloud-based reports can be generated in which formats?

A. PDF
B. JSON
C. Excel
D. GUI
E. CLI

A

A. PDF
C. Excel

Cloud providers are aware of policy reporting and offer services to assist you in collecting and presenting reports. These services are cloud-based and can be remarkably customizable. They are presented in a graphical format in a web browser dashboard. Also, the reports can be exported to Excel or PDF format.

Answer B is incorrect. JavaScript Object Notation (JSON) is a lightweight data-interchange format standard that is easily readable and easy for computing systems to parse and generate.

Answer D is incorrect. Graphical user interface (GUI) is a graphical representation commonly used to create, configure, manage, and monitor cloud resources and services.

Answer E is incorrect. Command-line interface (CLI) is a text-based interface tool used to configure, manage, and troubleshoot devices.

Chapter 8 page 255

73
Q

Which of the following outlines specific metrics and the minimum performance or availability level and outlines the penalties for failing to meet the metrics?

A. QoS
B. RDP
C. SLA
D. VPC

A

C. SLA

The service level agreement (SLA) is a document that outlines specific metrics and the minimum performance or availability level and outlines the penalties for failing to meet the metrics.

Answer A is incorrect. Quality of service (QoS) defines traffic priorities in the event of network congestion or impairments.

Answer B is incorrect. The Remote Desktop Protocol (RDP) allows remote access to Windows devices.

Answer D is incorrect. A Virtual Private Cloud (VPC) is a hybrid model in which a private cloud solution is provided within a public cloud provider’s infrastructure.

Chapter 8 page 251

74
Q

After deploying new VMs, the system administrator notices that it is not possible to connect to them using network credentials. After logging in, the administrator notices that the NTP servers are not set. Which of the following is most likely causing this issue?

A. Directory services requires the use of NTP servers
B. The VMs are insufficiently licensed
C. There is a time synchronization issue.
D. There is a directory services outage.

A

C. There is a time synchronization issue.

In modern computer networks, time synchronization is critical because every aspect of managing, securing, planning, and debugging a network involves determining when events happen. Without synchronized time, accurately correlating log files between these devices is difficult, even impossible. The Network Time Protocol (NTP) is an Internet protocol that synchronizes the clock times of devices in a network by exchanging time signals. It works on the Application layer (Layer 7) of the OSI model and the Application layer of the TCP/IP model. It runs continuously in the background on a device. NTP sends periodic time requests to servers to obtain the server time stamp and then adjusts the client’s clock based on the server time stamp received.

Chapter 9 page 272

75
Q

An organization upgraded a hosted vulnerability scanner to the latest version, and now tickets are not being created to assign critical vulnerabilities. After confirming the ticketing issue, all the scanning services are confirmed to be running on the VM. Which of the following is the most likely cause and the best method to fix the issue?

A. There was an IP change to the VM. Make changes to the server properties.

B. The upgrade has a bug. Reboot the server and attempt the upgrade again.

C. There is an application compatibility issue. Roll back the previous working backup.

D. The vulnerability scanner is on a different subnet. Open the ports and it will reconnect.

A

C. There is an application compatibility issue. Roll back the previous working backup.

With so many components and with each service in the cloud being driven by software automation, it is inevitable that there are going to be software compatibility issues. One moment everything is working fine, and then after the overnight changes, nothing seems to work. This can often be traced to incompatibility between orchestration or automation tools and the systems they are intended to communicate with. A rollback is the process of returning software to a previous state. If a software update failed, did not correct the issue as expected, or introduced new issues that require you to downgrade the system to its original state, then a rollback should be performed.

Chapter 9 page 278

76
Q

Common cloud resources in your deployment that may saturate over time include which of the following?
Each correct answer represents a complete solution. Choose all that apply.

A. RAM
B. CPU
C. Power
D. PaaS

A

A. RAM
B. CPU

Resources such as the amount of RAM needed, CPU cycles, and storage capacity are common systems that may become saturated as your cloud compute requirements grow.

Answers C and D are incorrect. Power and PaaS are the cloud resources that are not fully utilized over time.

Chapter 9

77
Q

Which of the following automates tasks based upon the specific thresholds or events?

A. Orchestration
B. Thin provisioning
C. Thick provisioning
D. Authentication

A

A. Orchestration

Orchestration is a process which automates tasks based upon the specific thresholds or events. Orchestration platforms provide an automated technique for managing the cloud or computing environment. It also helps an IT department to meet the typical business requirements through provisions, automated workflows, and change management features.

Answer B is incorrect. Thin provisioning is used to allow a virtual disk for allocating and committing storage space on demand.

Answer C is incorrect. Thick provisioning allows you to allocate or reserve storage space while initially provisioning the virtual disk. The allocated storage space for the thick-provisioned virtual disk is guaranteed. This operation ensures that there are no failures because of lack of storage space.

Answer D is incorrect. The ability to identify who a user is, usually during the login process, is called authentication.

Chapter
Week 6 # 27

78
Q

Which of the following cloud computing services enables a consumer to outsource computing equipment purchases and running their own data center?

A. NaaS
B. IaaS
C. SaaS
D. IDaaS

A

B. IaaS

Infrastructure as a Service (IaaS) is a cloud computing service that enables a consumer to outsource computing equipment purchases and running their own data center. It is an arrangement in which, rather than purchasing equipment and running your own data center, you rent those resources as an outsourced service. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly limited control of select networking components.

Answer A is incorrect. Network as a Service (NaaS) provides network-based services through the cloud, including monitoring and Quality of Service (QoS) management.

Answer C is incorrect. Software as a Service (SaaS) enables a service provider to make applications available over the Internet. It eliminates the need to install software on user devices, and it can be helpful for mobile or transient workforces.

Answer D is incorrect. Identity as a Service (IDaaS) is an authentication infrastructure which provides single sign-on capabilities for the cloud.

Chapter 1

79
Q

Which of the following cloud service models enables a consumer to rent fully configured systems that are set up for specific purposes?

A. CaaS
B. PaaS
C. NaaS
D. DaaS

A

B. PaaS

Platform as a Service (PaaS) is a cloud computing service that enables consumers to rent fully configured systems that are set up for specific purposes. It provides a platform allowing customers to develop, run, and manage applications without the complexity of building and maintaining the infrastructure typically associated with developing and launching an application.

Answer A is incorrect. Communication as a Service (CaaS) is an outsourced enterprise communication solution that can be leased from a single vendor.

Answer C is incorrect. Network as a Service (NaaS) provides network-based services through the cloud, including monitoring and Quality of Service (QoS) management.

Answer D is incorrect. Desktop as a Service (DaaS) is a virtual PC desktop that is hosted in the cloud and accessed remotely by thin clients.

Chapter 1

80
Q

Kurt works as an IT manager for a small chain of dental offices. Because of budget constraints, he is unable to purchase, install, and maintain an enterprise-class application to provide HIPAA-compliant record keeping, billing, and scheduling. He has been investigating other options and found a cloud company that offers the same application in a shared environment with other small dental chains. What type of cloud is Kurt investigating?

A. Hybrid
B. Public
C. Private
D. Community

A

D. Community

A community cloud is where multiple organizations from a specific community with common interests share the cloud infrastructure. Examples may be community cloud sites deployed for medical, financial, or e-commerce sites that all share common use case architectures.

Answer A is incorrect. In a hybrid cloud, more than one cloud service is utilized.

Answer B is incorrect. The public cloud is generally where the hyperscale data centers are, and massive scaling takes place.

Answer C is incorrect. A private cloud is operated and reserved by a single organization.

Chapter 1

81
Q

You have been asked to migrate existing servers of your organization to the cloud. Before you start migration, you want to determine the size of the virtual machines required for migrating servers. What are these statistics called?

A. Vulnerability scanning
B. Baselines
C. Penetration testing
D. Loading

A

B. Baselines

Baselines collect data and provide trend analysis and capacity utilization information measured over time to determine average or expected metrics of a service in normal operation. Establishing baselines is helpful when you need to determine the size of the virtual machines required when migrating servers to the cloud.

Answer A is incorrect. Vulnerability scanning is used to find objects in your cloud deployment that can be exploited or are potential security threats.

Answer C is incorrect. Penetration testing is the process of testing your cloud access to determine whether there is any vulnerability that an attacker could exploit.

Answer D is incorrect. Load testing determines how your applications and cloud deployment can be expected to perform in times of heavy production usage.

Chapter 1

82
Q

Carl works in accounting and wants to allocate intracompany billing for cloud services that different departments consume. What service is he implementing?

A

Charge backs

Chapter 1 (page 255)

83
Q

Harry is accessing a public cloud portal to add three additional web servers to the load-balanced fleet. What type of cloud service enables him to perform this operation?

A

On-demand

On-demand cloud services allow the cloud customer to access a self-service portal and instantly create additional servers, storage, processing power, or any other services as required.

Chapter 1 (page 26)

84
Q

If the physical RAM installed on the motherboard is 64GB, and the 32 VMs running on that server are all configured for 4GB of RAM each, then with 128GB allocated and with 64 GB physically available, what would be the over commitment ratio?

A. 8:1
B. 2:1
C. 16:1
D. 1:2

A

B. 2:1

According to the question, this would be a 2:1 over commitment. The concept of overcommitting is based on the assumption that not all servers will use the memory assigned to them. This unused memory is dynamically allocated to the other VMs that require additional RAM for operations.

Answers A, C, and D are incorrect. These are not the correct over commitment ratio according to the question.

Chapter 2 (page 65)

85
Q

Which of the following is part of the sector header in a storage system that is used to identify the content of the data?

A. Object ID
B. Extended metadata
C. Metadata
D. Thick provisioning

A

C. Metadata

Metadata is a part of a file or sector header in a storage system that is used to identify the content of the data. It is used in big data applications to index and search data inside the file.

Answer A is incorrect. Object ID is a pointer to a stored piece of data and is a globally unique identifier for the stored data.

Answer B is incorrect. Extended metadata includes a long list of data that can be attached to a data file.

Answer D is incorrect. Thick provisioning is the allocation of all the requested virtual storage capacity at the time the disk is created.

Chapter 2 page 69

86
Q

What is the storage arrangement that divides different types of storage requirements into different offerings?

A

Tiering

Data can have different requirements, such as how critical it is, how often it needs to be accessed, geographical placement or encryption, and security requirements.
Different storage tiers can be defined and assigned to best meet the levels of storage the cloud customer may require.

Chapter 2 (page 72)

87
Q

Henry has created a volume on the cloud SAN. What type of storage is he implementing?

A

Block

Block storage offers a high utilization rate.

Chapter 2

88
Q

What is a separate network operating in your private cloud that is accessed both internally and externally?

A

DMZ

A demilitarized zone (DMZ) is a section of the network that often hosts systems and servers that need to be accessed by the outside world via the Internet as well as internally. The DMZ is a special network security zone that exposes a cloud’s computers to the Internet. A DMZ will be created and configured on a firewall as a network hosting applications, such as mail, DNS, FTP, or web servers that should not be placed on the internal network but also should not be exposed directly to the Internet without security protection.

Chapter 2 page 50

89
Q

You are reviewing your private cloud’s infrastructure and are validating the resiliency of all systems. The data center has six racks of storage arrays that are configured to each lose one drive and remain operational. The servers hosting the hypervisors interconnect to these arrays and need block access that is lossless. What is the interconnect method commonly used?

A. RAID 5
B. Zoning
C. VMFS
D. SAN
E. DAS

A

D. SAN

A storage area network (SAN) is a high-speed data transfer network that provides access to consolidated block-level storage. It moves storage resources off the network and reorganizes them into an independent, high-performance network. It is a high-speed network dedicated to storage transfers across a shared network.

Answer A is incorrect. RAID 5 has parity information that is striped across multiple drives that allows the drive array to be rebuilt if a single drive in the array fails.

Answer B is incorrect. Zoning is a SAN network security process that restricts storage access between initiators and targets.

Answer C is incorrect. Virtual Machine File System (VMFS) facilitates storage virtualization for multiple installations of VMware ESX Server.

Answer E is incorrect. Direct-attached Storage (DAS) is computer storage that is connected to one computer and not accessible to other computers.

Chapter 2

90
Q

In an IaaS environment, the security team issues a new signature file to prevent specific malware threats from infiltrating the company network. Which of the following describes where the security team should deploy the updated signatures?

A. DMZ
B. SSH
C. WAF
D. IDS

A

C. WAF

A web application firewall (WAF) is a firewall that is deployed to secure an organization’s web applications and other application-based infrastructure from attackers. It monitors, filters or blocks data packets as they travel to and from a Web application. It can be either network-based, host-based or cloud-based and is often deployed through a proxy and placed in front of one or more Web applications.

Answer A is incorrect. A demilitarized zone (DMZ) is established in order to permit the outside Internet to access public information of the enterprise network.

Answer B is incorrect. Secure shell (SSH) is a program that enables a user or an application to log on to another computer over a network, execute commands, and manage files.

Answer D is incorrect. An intrusion detection system (IDS) is used to detect possible malicious incursions into a network to monitor and audit suspected and known attack signatures and behavior.

Chapter 3/4
Week 3 #30

91
Q

Which of the following low-level security methods does the cloud provider use on their storage area network and storage head-end controllers?
Each correct answer represents a complete solution. Choose two.

A. ACL
B. VSAN
C. PKI
D. LUN Masking

A

B. VSAN
D. LUN Masking

Virtual storage area network (VSAN) is implemented at the SAN level and LUN masking is configured on storage controllers, and they are low-level storage access methods.

Answer A is incorrect. Access control list (ACL) is a set of data (usernames, passwords, time and date, IP address, MAC address, and so on) used to control access to a resource, such as a device, file, or network.

Answer C is incorrect. Public key infrastructure (PKI) is a standardized set of roles, policies, and procedures used to create, manage, distribute, use, store, and revoke digital certificates and manage public/private key encryption.

Chapter 3 page 118

92
Q

Harry is the cloud administrator for a company that stores object-based data in a public cloud. Because of regulatory restrictions on user access to sensitive security data, what type of access control would you suggest he implement to meet his company’s security policies?

A. Discretionary
B. Mandatory
C. RBAC
D. Nondiscretionary

A

B. Mandatory

The mandatory access control approach is often found in high-security environments where access to sensitive data needs to be highly controlled. Using mandatory access control approach, a user will authenticate, or log into a system. Based on the user’s identity and security levels of the individual, access rights will be determined by comparing the data against the security properties of the system being accessed.

Answer A is incorrect. Discretionary access control is different from mandatory access control by giving users the ability to grant or assign rights to objects and make decisions for themselves as compared to the centrally controlled method used by the mandatory access controls.

Answer C is incorrect. Role-based access control (RBAC) is a method in which access rights are granted to, or restricted from, users based on which roles they perform in an organization.

Answer D is incorrect. Nondiscretionary access control defines a set of rules to allow or deny access to an object, system or services in the cloud.

Chapter 3 page 120

93
Q

A company security policy mandates education and training for new employees. The policy must include controls that attempt to get the system back to normal if any damage is caused by an incident. Given these requirements, which of the following security controls is best suited?

A. Corrective
B. Detective
C. Preventive
D. Physical

A

A. Corrective

Corrective security control is a security measure that attempts to get the system back to normal. This is intended to limit the extent of any damage caused by the incident by recovering the organization to normal working status as efficiently as possible. It includes restoring an operating system or data from a recent backup, updating an outdated antivirus, and installing a fix.

Answer B is incorrect. Detective security control is a security measure that helps to detect any malicious activities. It does not stop or mitigate intrusion attempts; it only identifies and reports them.

Answer C is incorrect. Preventive security control is a security measure that prevents a malicious action from occurring by blocking or stopping someone or something from doing so.

Answer D is incorrect. Physical security control is a security measure that restricts, detects, and monitors access to specific physical areas or assets.

Chapter 3/4
Week 3 #29

94
Q

What is the National Institute of Standards and Technology publication that coordinates the requirements and standards for cryptography modules?

A. FISMA
B. FedRAMP
C. FIPS 140-2
D. PCI-DSS

A

C. FIPS 140-2

FIPS 140-2 is a National Institute of Standards and Technology (NIST) publication that coordinates the requirements and standards for cryptography modules. Cryptographic systems can be either hardware or software created in the public sector and are registered in FIPS 140-2 as approved for U.S. government use.

Answer A is incorrect. The Federal Information Security Management Act (FISMA) outlines the framework to protect federal government information, operations, and facilities.

Answer B is incorrect. The Federal Risk and Authorization Management Program (FedRAMP) outlines the standards for security assessments, authorization and continuous monitoring for cloud products and services.

Answer D is incorrect. The Payment Card Industry Data Security Standard (PCI-DSS) sets the requirements to guarantee that companies that process, store, or transmit credit card information offer secure processing and handling of credit card data.

Chapter 3 page 106

95
Q

Terri is auditing the middle tier Linux servers on her private cloud deployment and notices many services that should not be running. As a security consultant, what actions would you recommend she take?

A

Disable the services

One of the basic tenets of securing a network is that if you do not need it, turn it off. When you install a new operating system, many application services that you never use may be enabled and running and may expose your system to malicious attack.
To harden the system, you must determine which ports and services are running on the machine and investigate whether they are required for the server’s purpose. If the service provides no use or value, it should be shut down to make the server as secure as possible.

Chapter 3 page 114

96
Q

What backend cloud system allows for on-demand provisioning of services?

A

Automation

Automation is the glue that makes all the cloud economics and operations possible. By implementing a well-defined agreed-upon set of software interfaces that allow devices to intercommunicate with each other, the magic of cloud computing can happen.

Chapter 4 page 137

97
Q

What is a software-controlled machine-to-machine interface called?

A

Application programmable interface

An application programming interface (API) is a defined means to programmatically access, control, and configure a device between different and discrete software components. The API defines how software components interact with each other. APIs provide the means to enable automation of the complete stack from physical devices to the applications and everything in between. Without APIs, there can be no automation!

Chapter 4 page 138

98
Q

What is storage that does not survive a VM restart called?

A

Ephemeral

If the virtual machine is deleted or stopped, nondurable storage will be lost. Such volumes are sometimes referred to as ephemeral volumes because they are deleted when the associated VM goes away.

Chapter 4 page 133

99
Q

James, a network administrator, is implementing a private cloud that will be used as a test environment. To limit the number of guests per subnet to a minimum of 14, he implemented a /20. Which of the following should he use to assign the networks?

A. NAT
B. DNS
C. DHCP
D. IPsec

A

C. DHCP

Dynamic Host Configuration Protocol (DHCP) is a networking protocol that provides the dynamic mapping and assignments of logical Layer 3 IP addresses of a network device to the physical Layer 2 MAC address of a network device. It provides automatic assignment of IP addresses and other TCP/IP configuration information. DHCP uses port 68 as the default port.

Answer A is incorrect. Network Address Translation (NAT) allows the use of a private IP address network for internal use and mapping it to a single public IP address connected to the Internet.

Answer B is incorrect. Domain Name System (DNS) is the primary name resolution service on the Internet and private IP networks. It is a hierarchical system of databases that map computer names to their associated IP addresses. A DNS name is composed of three parts: a computer name, a domain name, and a top-level domain name.

Answer D is incorrect. Internet Protocol Security (IPsec) is used to secure data as it travels across the network or the Internet through data authentication and encryption.

Chapter 3/4
Week 3 #27

100
Q

Which of the following is a piece of software that is intended to update an application, operating system, or any other software-based system to fix or improve its operations?

A. Rollout
B. Patch
C. Hotfix
D. Version update

A

B. Patch

A patch is a piece of software that is intended to update an application, operating system, or any other software-based system to fix or improve its operations.

Answer A is incorrect. A rollout is a patch deployment process of replacing a software product with a newer version of the same product.

Answer C is incorrect. A hotfix is a software update type that is intended to fix an immediate and specific problem.

Answer D is incorrect. A version update is the process of replacing a software product with a newer version of the same product.

Chapter 5 page 162

101
Q

What are common automation systems that are used for patch management?
Each correct answer represents a complete solution. Choose three.

A. Chef
B. Cloud-patch
C. Ansible
D. DevOps
E. Puppet
F. Cloud Deploy

A

A. Chef
C. Ansible
E. Puppet

Answers A, C, E are correct.

Common patch management offerings such as Chef, Puppet, OpenStack, and Ansible are examples of automation packages that offer patching services.

Answers B, D, and F are incorrect. Cloud-patch, DevOps, and Cloud Deploy are not used for patch management.

Chapter 5 page 165

102
Q

Pete is troubleshooting a SQL database hosted in a public cloud using the IaaS service model. The database vendor has identified a bug in the table merge feature and is requesting that he install a software change that is designed for rapid deployment and that corrects a specific and critical issue. What type of fix is this?

A. Hotfix
B. Patch
C. Version update
D. Rollout

A

A. Hotfix

A hotfix is a software update type that is intended to fix an immediate and specific problem.

Answer B is incorrect. A patch is a piece of software that is intended to update an application, operating system, or any other software-based system to fix or improve its operations.

Answer C is incorrect. A version update is the process of replacing a software product with a newer version of the same product.

Answer D is incorrect. A rollout is a patch deployment process, and both automation and orchestration systems are used to install the patch.

Chapter 5 page 162

103
Q

Ann has created a master image of a web server that she plans to use for adding new servers for her horizontally scaled e-commerce site. What VM backup method can be used to create an image to be used as a template to create additional systems?

A. Full backup
B. Snapshot
C. Clone
D. Replicate

A

C. Clone

Cloning takes the master image and clones it to be used as another separate and independent VM. Important components of a server are changed to prevent address conflicts; these include the UUID and MAC addresses of the cloned server.

Answer A is incorrect. Full backups are generally performed on a routine backup schedule.

Answer B is incorrect. A snapshot is a file-based image of the current state of a VM including the complete operating systems and all applications that are stored on it.

Answer D is incorrect. Replicas are backup copies of data that can be stored either locally or remotely that can act as alternative data stores from your main production operations.

Chapter 5 page 168

104
Q

Which cloud-based system abstracts and hides much of the modern cloud systems and also reduces operational errors by executing tested cloud systems, scripts, workflows, or runbooks to make sure the systems are configured correctly?

A

Orchestration

Orchestration systems play a critical role in cloud operations that goes beyond just security to many other tasks such as the day-to-day maintenance of operations.
Orchestration systems coordinate and process tasks, functions, and workflows of cloud operations without the need for human intervention. Orchestration is often described as a service-oriented architecture, automated provisioning, converged infrastructure, or dynamic data center.

Chapter 5 page 164

105
Q

Trevor asked you to recommend a server deployment model that features tightly coupled computers that allow software patching without incurring downtime. What type of server deployment would you recommend?

A

Cluster

A cluster is a group of servers operating in tandem that often appear as a single larger system. Clusters can be managed as a single larger system instead of many small servers grouped together. This allows for a central point of management that simplifies operation. You can manage a cluster as a complete system and not be concerned with all of the individual systems.

The devices in the cluster work together to support a high availability platform for applications and services. If a node in a cluster fails, other nodes would pick up the operations and continue without downtime.

Chapter 5 page 160

106
Q

Leonard is creating disaster recovery documents for his company’s online operations. He is documenting metrics for a measurable SLA that outlines when you can expect operations to be back online and how much data loss can be tolerated when recovering from an outage. Which metrics is he documenting?
Each correct answer represents a part of the solution. Choose all that apply.

A. RSO
B. RTO
C. RPO
D. DR
E. VxRestore

A

B. RTO
C. RPO

The restore point and restore time objectives are the measurements for the amount of data lost and time needed to get back online after an outage.

Answer A is incorrect. The regional support office (RSO) is a regional or national center of expertise that is set up within an existing entity.

Answer D is incorrect. Disaster recovery (DR) is an area of security planning that aims to protect an organization from the effects of significant negative events.

Answer E is incorrect. The VxRestore command is used to restore files previously copied to a tape.

Chapter 6 page 184

107
Q

Jillian is a Cloud+ consultant for an auto parts company based in central Michigan. She is putting together a disaster recovery plan that includes a remote backup site that has a SQL server instance running at the location with a synchronously refreshed data replica. Her plan calls for activating all other services in the event of a hurricane causing an outage at her primary data center. What model is Jillian going to deploy to meet the requirements?

A. Hot site
B. Warm site
C. Cold site
D. Active/passive

A

B. Warm site

A warm site approach to recovering from a primary data center outage is when the remote backup of the site is offline except for critical data storage, which is usually a database.

Answer A is incorrect. A hot site is a fully functional backup site that can assume operations immediately should the primary location fail or go offline.

Answer C is incorrect. A cold site is a backup data center provisioned to take over operations in the event of a primary center failure, but the servers and infrastructure are not deployed or operational until needed.

Answer D is incorrect. An active/passive configuration provides the ability to deal with either planned or unplanned service outages.

Chapter 6 page 167

108
Q

Laurie is reviewing the SLA and statement of responsibility with their community cloud provider PaaS. Who does the responsibility for stored data integrity in the cloud belong to?

A. Cloud provider
B. Compliance agency
C. Cloud customer
D. Shared responsibility

A

C. Cloud customer

Ultimately the responsibility for data in the cloud belongs to the organization that owns the data.

Answer A is incorrect. Cloud providers are responsible for the core network in their facilities which include the connections to the Internet and high-speed fiber links that interconnect cloud zones and regions.

Answer B is incorrect. A compliance agency is responsible for conforming to a rule, such as a specification, policy, standard, or law.

Answer D is incorrect. The shared responsibility model outlines what services and portions of the cloud operations the cloud consumer and provider are responsible for.

Chapter 6

109
Q

To increase TipoftheHat.com security posture, Alice is reviewing user accounts that access the community cloud resources. Alice notices that the summer interns have left to go back to school, but their accounts are still active. She knows they will return over the winter break. What would you suggest Alice do with these accounts?

A. Do nothing
B. Delete the accounts
C. Disable the accounts
D. Change the resource access definitions
E. Modify the confederation settings
F. Change the access control

A

C. Disable the accounts

The ability to disable an account can be helpful in situations where the account will need to be re-activated at a future date and does not need to be deleted.

Answers A, B, D, E, and F are incorrect. The other options cannot be helpful in situations where the account will need to be reactivated at a future date and does not need to be deleted.

Chapter 6 page 199

110
Q

Pierre is deploying a solution that allows data for his e-commerce operations hosted in a public cloud to be reached at remote locations worldwide with local points of presence. He wants to reduce the load on his web servers and reduce the network latency of geographically distant customers. What are these facilities called?

A. Region
B. Edge location
C. Availability zone
D. Replication

A

B. Edge location

Edge locations are not complete cloud data centers. They are cloud connection points located in major cities and offer local caching of data for reduced response times.

Answer A is incorrect. A region is not a monolithic data center but rather a geographical area or presence.

Answer C is incorrect. The actual data centers in each region are referred to as availability zones.

Answer D is incorrect. Replication is the transfer and synchronization of data between multiple data centers.

Chapter 6 page 194

111
Q

Long-term storage of data in the cloud is called what?

A

Archive

Data archiving moves inactive data, or data that is no longer being used, to a separate storage facility for long-term storage.

Chapter 6 page 191

112
Q

BigCo has been performing an ongoing inventory of their public cloud assets and found a number of storage volumes, CPU allocations, VMs, and firewall instances that are not connected to any project and are not being used. What are these services called?

A

Orphaned resources

Orphaned resources are cloud-based services that are left over when a service terminates and are no longer needed or used. When you enable cloud-based resources such as servers, storage arrays, load balancers, content distribution, DNS, databases, or any other offerings, you may find it to be a challenge to monitor and manage all of these resources. When a service is no longer being used or was enabled for a short period of time, it is all too frequently the case that the service does not get terminated properly and remains active and chargeable even if it is not being used.

Chapter 6 page 200

113
Q

Which of the following is referred to as the measurement of the difference between the current reading and the baseline value?

A. Baseline
B. Metric
C. Smoothing
D. Variance

A

D. Variance

Variance is referred to as the measurement of the difference between the current reading and the baseline value.

Answer A is incorrect. Baseline is used in capacity planning to determine whether additional cloud capacity is required based on usage and consumption information collected over time. The establishment of average usage over time is the data that gets collected for a baseline report.

Answer B is incorrect. A metric is a standard of measurement that defines the conditions and the rules for performing a measurement and for understanding the results of the measurement.

Answer C is incorrect. Smoothing is used to smooth out isolated events or short-term variations.

Chapter 7 page 217

114
Q

Cloud capacity can be measured by comparing current usage to what?

A. Orchestration
B. Automation
C. NTP
D. Baseline
E. APIs

A

D. Baseline

A baseline measurement is used as a reference to determine cloud capacity increases and decreases.

Answer A is incorrect. Orchestration systems enable large-scale cloud deployments by automating operations.

Answer B is incorrect. Automation allows for rapid response to security events and can stop an attempted breach in progress as well as record all events for forensic analysis of the event.

Answer C is incorrect. The NTP (Network Time Protocol) allows all devices to synchronize to a central clock or time service.

Answer E is incorrect. The API (application programming interface) is a defined means to programmatically access, control, and configure a device between different and discrete software components.

Chapter 7 page 217

115
Q

You are explaining to a new hire at your private cloud data center about the process to follow when modifying systems and services in the cloud. What is this process called?

A

Change management

Change management is the process of managing all aspects of the ongoing changes, upgrades, repairs, and reconfigurations. Change management involves planning and managing changes to minimize any disruptions of services.

Chapter 7 page 222

116
Q

What cloud automation feature allows for cloud services to expand and contract based on actual usage?

A

Elasticity

The ability to automatically and dynamically add resources such as storage, CPUs, memory, and even servers is referred to as elasticity. This is done “on the fly” as needed and is different from provisioning servers with added resources that may be required in the future.

Chapter 7 page 228

117
Q

Database application capacity can be added by scaling horizontally. True or false?

A

False

Vertical scaling, or scaling up, will add resources such as CPU instances or more RAM. Many applications, such as databases, will perform better after a system has been scaled vertically. For example, a system that is CPU bound will perform better when scaling up with additional CPU cores. The same is true with applications that benefit from more RAM or higher Local Area Network (LAN) throughput.

Chapter 7 page 225

118
Q

What type of cloud data set measures object metrics to determine normal operations?

A. Metric
B. Variance
C. Baseline
D. Smoothing

A

C. Baseline

The establishment of average usage over time is the data that gets collected for a baseline report.

Answer A is incorrect. A metric is a standard of measurement that defines the conditions and the rules for performing a measurement and for understanding the results of the measurement.

Answer B is incorrect. Variance is referred to as the measurement of the difference between a current reading and the baseline value.

Answer D is incorrect. Smoothing is used to smooth out isolated events or short-term variations.

Chapter 7 page 217

119
Q

Which of the following is the means by which a person’s electronic identity and attributes are linked across multiple distinct identity management systems?

A. Public Key infrastructure
B. Federation
C. Obfuscation
D. Multifactor authentication

A

B. Federation

Federation, or federated identity, is the means by which a person’s electronic identity and attributes are linked across multiple distinct identity management systems. SSO (single sign-on) is an example of federation.

Answer A is incorrect. A PKI (public key infrastructure) is a cryptographic technique that enables users to securely communicate on an insecure public network.

Answer C is incorrect. Obfuscation refers to a method used to semantically preserve transformation of a data payload into such a form that hides extraction of information from the data.

Answer D is incorrect. Multifactor authentication, also known as two-factor authentication, is an attempt to maximize security and minimize unauthorized access.

Chapter 7 page 231

120
Q

A manufacturing company’s current security policy mandates PII is not stored in the SaaS solution. Which of the following configuration controls should be used to block sensitive information from being stored in the SaaS solution?

A. Implement a HBA
B. Implement a VPN
C. Implement a network ACL
D. Implement content filtering

A

C. Implement a network ACL

A network access control list (ACL) is an optional layer of security for your virtual private cloud that acts as a firewall for controlling traffic in and out of one or more subnets. It contains a numbered list of rules that we evaluate in order, starting with the lowest numbered rule, to determine whether traffic is allowed in or out of any subnet associated with the network ACL.

Answer A is incorrect. A host bus adapter (HBA) is an adapter that provides input/output (I/O) processing and physical connectivity between a server and a storage device.

Answer B is incorrect. A virtual private network (VPN) is a private communication network transmitted across a public network connection such as the Internet. It is a secured network connection made over an insecure network.

Answer D is incorrect. Content filtering is a method of setting limits on user browser sessions. It can be based on location, time, and user privileges. With this option, administrators have the flexibility to whitelist and blacklist websites and applications so that employees are limited to browsing trusted websites.

Chapter 7 page 232

121
Q

A cloud architect is tasked with isolating traffic between subnets in an IaaS platform. The networks should be able to statefully communicate with each other. Given this scenario, which of the following should the architect implement?

A. Configure HIPS policies
B. Configure IDS policies
C. Configure security groups
D. Configure network ACL

A

C. Configure security groups

A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. When you launch an instance in a virtual private cloud, you can assign up to five security groups to the instance. Security groups act at the instance level, not the subnet level. Therefore, each instance in a subnet in the virtual private cloud can be assigned to a different set of security groups.

Answer A is incorrect. A host-based intrusion prevention system (HIPS) is a type of IPS that monitors a computer system for unexpected behavior or drastic change to the system’s state and reacts in real time to block it.

Answer B is incorrect. An intrusion detection system (IDS) is used to detect possible malicious incursions into a network to monitor and audit suspected and known attack signatures and behavior. It scans, audits, and monitors the security infrastructure for signs of attacks in progress and automates the intrusion detection process.

Answer D is incorrect. A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets.

Chapter 7 page

122
Q

Erving is asking you about cloud virtualization techniques and wants to know what a software three tier public cloud deployment is called. What is he referring to?

A

Templates

Templates are software representations of network systems. By using these templates, you can deploy complete cloud systems at a single time. This allows you to implement “one-click provisioning” instead of deploying and configuring individual cloud objects.

Chapter 9 page 272

123
Q

There has been a steady increase in the response time of a cloud-hosted MySQL database application running on an IaaS deployment. When comparing results against her baseline measurements, it shows that there has been a steady increase in the number of read requests over the past six months. What resource would you focus your troubleshooting efforts on?

A

Storage

Chapter 9

124
Q

What network service provides accurate time synchronization information?

A

NTP

The Network Time Protocol (NTP) allows all devices to synchronize to a central clock or time service. This ensures that all devices report the same times to allow for synchronization of logging information. It is important that you verify regularly that your cloud elements are synchronized with the NTP servers to prevent the drifting of device clocks.

Chapter 9 page 272

125
Q

There has been a large increase in the number of read requests over time on your SQL database. You have been asked to evaluate the baseline variances. What would be the focus of your troubleshooting?

A. Memory
B. CPU
C. Storage
D. Networking

A

C. Storage

Database read and write requests utilize storage I/O and should be the focus for troubleshooting.

Answers A, B, and D are incorrect. Memory, CPU, and networking are not used to evaluate the baseline variances; therefore, they cannot be the focus for troubleshooting.

Chapter 9

126
Q

You are architecting a new cloud virtual container. There will be a maximum of 11 servers in the subnet that will each require a private IP address. You decide to use a /28 subnet mask for the IPv4 addressing plan. What other devices may be on this subnet other than the servers that would also require that an IP address be assigned to them?

A. SLA
B. Default gateway
C. DNS
D. NTP
E. API
F. SNMP

A

B. Default gateway
C. DNS
D. NTP

In addition to the web servers, IP addresses may be required for the NTP and DNS services and the default gateway.

Answers A, E, and F are incorrect. In addition to the web servers, IP addresses are not required for the SLA, API, and SNMP.

Chapter 9

127
Q

Which of the following determines the size of an IP network and divides the IP address into network and node partitions?

A. Default gateway
B. Firewall
C. VPN
D. Subnet mask

A

D. Subnet mask

The subnet mask determines the size of an IP network. It is a number assigned to each host for dividing the IP address into network and node portions. This segregation makes TCP/IP routable. A subnet mask removes the node ID from the IP address, leaving just the network portion.

Answer A is incorrect. A default gateway is the IP address of a router that routes remote traffic from the device’s local subnet to remote subnets.

Answer B is incorrect. A firewall monitors and controls incoming and outgoing network traffic. It establishes a barrier between an internal and external network.

Answer C is incorrect. A virtual private network (VPN) is a private communication network transmitted across a public, typically insecure, network connection.

Chapter 9 page 274

128
Q

In an organization, during a recent downtime window, the server team was applying patches to an application, and the networking team was upgrading a router’s interface to 10 Gbps. When the network was down for the upgrade, the server team complained that they could not download the needed software patches. Which process should be modified to prevent this from happening in the future?

A. Orchestration
B. Patch management
C. Change management
D. API

A

C. Change management

The change management process would need to be modified to prevent one change from affecting another that is taking place simultaneously. It requires a written plan that includes all contingencies as well as participating in change review meetings to discuss upcoming changes.

Answer A is incorrect. Orchestration automates the provisioning of cloud services and often includes a self-service dashboard which allows the consumer to manage and deploy cloud services with a web browser.

Answer B is incorrect. Patch management is the practice of monitoring, obtaining, evaluating, testing, and deploying software patches and updates.

Answer D is incorrect. Application programming interface (API) defines how software components interact with each other.

Chapter 9 page 277

129
Q

A video hosting company has just released a popular movie for download. As soon as the announcement is made, all of the Internet-facing servers became very slow. What resource pool increase would most likely resolve the issue?

A

Network I/O

Chapter 8

130
Q

Name the visual representation of your current cloud operations?

A

dashboard

Cloud dashboards are incredibly useful and informative. It is common to display dashboards in operations centers or overhead in office environments to give an easy-to-read overview of operations.

Chapter 8 page 256

131
Q

Which of the following are examples of vertical scaling?
Each correct answer represents a complete solution. Choose all that apply.

A. Adding memory to a host
B. Adding more disks
C. Increasing numbers of servers
D. Adding more CPU cores

A

A. Adding memory to a host
B. Adding more disks
D. Adding more CPU cores

Adding memory to a host, adding more disks, and adding more CPU cores are examples of vertical scaling. Vertical scaling is the process of vertical growth; everything is grown bigger and faster, or simply more of something is added.

Answer C is incorrect. Increasing the number of servers is an example of horizontal growth. Horizontal scaling is sideways growth, so instead of creating faster and stronger infrastructure points, you’re adding more infrastructure points.

Chapter 8 page 253

132
Q

Capacity and utilization reporting often contains data on which of the following objects?

A. CPU
B. OS Version
C. Volume tier
D. RAM
E. Network

A

A. CPU
D. RAM
E. Network

CPU, RAM, and network utilization are all important objects to manage for capacity and utilization tracking.

Answers B and C are incorrect. Storage volume tiers and OS versions do not apply to this scenario.

Chapter 8 page 248

133
Q

To collect metrics, you set up your management application to measure what?

A

objects

Chapter 8 (page 245)

134
Q

Object tracking should be aligned with which service provider document that outlines guaranteed performance metrics?

A

Service level agreement (SLA)

By collecting actual data, you can compare it to the offered service levels outlined in the SLA and ensure that the guaranteed metrics are being met.

Chapter 8 page 251

135
Q

Niko is generating baseline reports for her quarterly review meeting. She is interested in a public cloud application server’s memory utilization. Where does she generate these reports?

A. Hypervisor
B. Databases
C. Logging servers
D. Cloud management and monitoring application

A

D. Cloud management and monitoring application

Cloud reports are formatted collections of data contained in the management or monitoring applications.

Answer A is incorrect. A hypervisor pools the resources and makes them available to the virtual machines for consumption.

Answer B is incorrect. Databases are the collection of information that can be easily accessed, managed, and updated.

Answer C is incorrect. Logging servers is a log file that is automatically created and maintained by a server consisting of a list of activities it performed.

Chapter 8

136
Q

A cloud infrastructure function that can grow and shrink to meet peak demand requirements quickly is known as:

A. Autoscaling
B. Variance
C. Elasticity
D. Trigger

A

C. Elasticity

Elasticity is the ability to automatically and dynamically add additional resources such as storage, CPUs, memory, and servers in the cloud. It allows for cloud consumers to automatically scale up as their workload increases and then have the cloud remove the services after the workload subsides.

Answer A is incorrect. Autoscaling is the dynamic process of adding and removing cloud capacity.

Answer B is incorrect. Variance is the measurement of the spread between the baseline and measured result.

Answer D is incorrect. Trigger is the process of initiating an event report based on a metric value or threshold that is considered to be outside your baseline.

Chapter 8 page 256

137
Q

Upgrading to a newer operating system may require that you update what?

A. SOC 2
B. Baseline
C. Benchmarking
D. SLA

A

B. Baseline

After performing a major system upgrade, you should collect new baseline data as the overall system performance has changed. A baseline is a record of a device’s performance statistics under normal operating conditions. A network baseline documents the network’s current performance level and provides a quantitative basis for identifying abnormal or unacceptable performance. It can also reveal where bottlenecks are impeding performance, and provide evidence for upgrading devices to improve performance.

Answer A is incorrect. The SOC 2 report concerns a business’s nonfinancial reporting controls for the availability, confidentiality, privacy, processing integrity, and security of a system.

Answer C is incorrect. Benchmarking is taking sample performance metrics that need to be collected as part of the documentation process.

Answer D is incorrect. A service-level agreement (SLA) outlines specific metrics and the minimum performance provided by the cloud provider.

Chapter 8 page 250

138
Q

The ability to dynamically add additional resources on demand such as storage, CPUs, memory, and even servers is referred to as what?

A. Bursting
B. Pooling
C. Elasticity
D. Orchestration

A

C. Elasticity

Cloud automation systems offer the ability to dynamically add and remove resources as needed; this is referred to as elasticity.

Answer A is incorrect. Cloud bursting is a hybrid model that is most commonly found in private cloud deployments that are designed to use public cloud processing during times of increased load.

Answer B is incorrect. Resource pooling is when the cloud service provider allocates resources into a group, or pool, and then these pools are made available to a multitenant cloud environment.

Answer D is incorrect. Orchestration platforms automate the provisioning of cloud services and often include a self-service dashboard that allows the consumer to manage and deploy cloud services with a web browser.

Chapter 1

139
Q

Jerry is explaining to his customer that the cloud virtualizes hardware resources such as memory, CPU, and storage. These resources are then allocated to virtual machines. What cloud concept is Jerry referring to?

A. On-demand virtualization
B. Dynamic scaling
C. Resource pooling
D. Elasticity

A

C. Resource pooling

Resource pooling is a term used in cloud computing environments where the cloud service provider allocates resources into a group, or pool, and then these pools are made available to a multitenant cloud environment. The resources are then dynamically allocated and reallocated as the demand requires. Resource pooling hides the physical hardware from the virtual machines and allows for many tenants to share resources such as storage, processors, RAM, and networks to allow for the economies of cloud computing.

Answer A is incorrect. In on-demand virtualization, resources are provided on an as-needed and when-needed basis.

Answer B is incorrect. In dynamic scaling, a user must define how to scale in response to the changing demand.

Answer D is incorrect. Elasticity is the ability to add and remove resources.

Chapter 1 page 16

140
Q

You have been asked in a company security meeting about demarcation of security responsibilities between your private cloud and your public cloud provider. What model would you explain to your management the public cloud provider follows?

A. Availability zones
B. Community
C. Shared responsibility
D. Baselines

A

C. Shared responsibility

The shared responsibility model outlines what services and portions of the cloud operations the cloud consumer and provider are responsible for.

Answer A is incorrect. Availability zones are isolated locations within the cloud data center regions that the cloud service providers originate and operate.

Answer B is incorrect. Community clouds are designed for a specific community of interest and shared by companies with similar requirements for business needs, regulatory compliance, security, or policy.

Answer D is incorrect. Baselines are used to determine what is considered to be not normal operations.

Chapter 1 page 33

141
Q

Pete accesses his account in a public cloud, adds two middleware servers to his fleet and logs back off. What type of cloud feature allows him to add servers?

A. Bursting
B. Pay-as-you-grow
C. Multitenancy
D. On-demand

A

D. On-demand

On-demand cloud computing allows a cloud customer to dynamically add resources with the use of an online portal.

Answer A is incorrect. Cloud bursting allows for adding capacity from another cloud service during times when additional resources are needed.

Answer B is incorrect. The pay-as-you-grow cloud characteristic allows billing for only the services used.

Answer C is incorrect. Multitenancy allows a cloud customer to share computing resources in a public or private cloud.

Chapter 1 page 26

142
Q

What is monitored in cloud management systems to collect performance metrics?

A. Database
B. Server
C. Hypervisor
D. Objects

A

D. Objects

Objects are queried to gather metric data.

Answer A is incorrect. A database is the collection of information that can be easily accessed, managed, and updated.

Answer B is incorrect. A server provides a service to another computer program.

Answer C is incorrect. A hypervisor pools the resources and makes them available to the virtual machines for consumption.

Chapter 1 page 16

143
Q

Which of the following delivers cloud-managed applications as well as the underlying platform and infrastructure support?

A. SAN
B. DaaS
C. SaaS
D. CaaS

A

C. SaaS

Software as a Service (SaaS) is where the customer of the service accesses the application software that is owned and controlled by a cloud company, which has complete responsibility for the management and support of the application. It delivers cloud-managed applications as well as the underlying platform and infrastructure support.

Answer A is incorrect. A storage area network (SAN) is a specialized, high-speed network that provides block-level network access to storage.

Answer B is incorrect. Desktop as a Service (DaaS) is a virtual PC desktop that is hosted in the cloud and accessed remotely by the thin clients.

Answer D is incorrect. Communication as a Service (CaaS) includes cloud-hosted voice, video conferencing, instant messaging, e-mail, collaboration, and other communication services.

Chapter 1 page 8

144
Q

Maria, a cloud engineer, is working in an organization whose online wealth application resides in a community cloud environment. She notices that during peak times, users are unable to access their online wealth management applications in a timely fashion. What should she do first to resolve the issue?

A. Access the cloud service portal and ensure that there is adequate disk space available.

B. Access the cloud services portal and ensure all users are accessing it through the same web service.

C. Access the cloud services portal and ensure memory ballooning is enabled.

D. Access the cloud service portal and ensure the ACLs are set correctly for the user community.

A

C. Access the cloud services portal and ensure memory ballooning is enabled.

Memory ballooning is a hypervisor function that allows the hypervisor to reclaim unused memory from a VM running on top of the hypervisor and allocate the memory for other use. It is a memory management feature used in most virtualization platforms that allows a host system to artificially enlarge its pool of memory by taking advantage of or reclaiming unused memory previously allocated to various virtual machines.

Chapter 2 page 63

145
Q

Which of the following protocols are used for messaging?
Each correct answer represents a complete solution. Choose all that apply.

A. Telnet
B. POP3
C. SMTP
D. IMAP4

A

B. POP3
C. SMTP
D. IMAP4

Post Office Protocol 3 (POP3), Simple Mail Transfer Protocol (SMTP), and Internet Message Access Protocol (IMAP4) are the messaging protocols. SMTP is used to send e-mail messages from client to server and to send and receive e-mail messages between servers. POP3 is used by client devices to retrieve e-mail from a remote email server using the TCP/IP protocol suite. IMAP4 is used to allow a client device to access email on a remote email server.

Answer A is incorrect. Telecommunications Network (Telnet) is a terminal emulation protocol that enables users at one site to simulate a session on a remote host as if the terminal was directly attached.

Chapter 2 page 57

146
Q

Ricky is in the process of migrating his company’s servers to the cloud. When undertaking the migration, he is required to reinstall the operating system, application, and data files onto a new VM from scratch. What type of migration is Ricky performing?

A. Virtual to virtual
B. Physical to virtual
C. Virtual to physical
D. Physical to physical

A

B. Physical to virtual

A physical-to-virtual (P2V) migration means taking a server that is running an operating system and application and then migrating it to a VM running on top of a hypervisor. A P2V migration requires reinstalling the operating system, application, and data files onto a new VM from scratch.

Answer A is incorrect. A virtual-to-virtual (V2V) migration involves cloning the existing VM and installing that image at the cloud provider’s hosting center.

Answer C is incorrect. A virtual-to-physical (V2P) migration is done if more processing power is needed and can be provided if the server is hosted on its own server hardware.

Answer D is incorrect. A physical-to-physical (P2P) migration requires conversion utilities to be run to perform the migration; these are often provided by the cloud provider or by third-party software companies.

Chapter 2 page 83

147
Q

Harold will modify an NACL to modify remote access to a cloud-based HR application. He will be submitting a detailed plan that outlines all details of the planned change. What process is he following?

A. Cloud automation
B. Change advisory
C. Change management
D. Rollout

A

C. Change management

Change management includes recording the change, planning for the change, testing the documentation, getting approvals, evaluating and validating, writing instructions for backing out the change if needed, and doing post-change review if desired.

Answer A is incorrect. Cloud automation systems offer the ability to dynamically add and remove resources as needed.

Answer B is incorrect. Change advisory boards advise change teams on guidelines and priorities, assess the changes, and make sure that all order of operations is addressed.

Answer D is incorrect. A rollout is a patch deployment process, and both automation and orchestration systems are used to install the patch.

Chapter 2 page 48

148
Q

You are involved in a large-scale migration project that requires moving a Windows OS running on a dual-slot, eight-core server with no hypervisor in a data center to a VMware-based server in the public cloud. What type of migration is this?

A. vMotion
B. P2V
C. Private to public
D. V2V
E. Synchronous replication

A

B. P2V

When migrating a server that is running on bare metal to a hypervisor-based system, you would be performing a physical-to-virtual migration.

Answer A is incorrect. vMotion is an application that moves VMs between bare-metal servers.

Answer C is incorrect. Private to public migration is referred to as a migration that takes place from private cloud to the public cloud.

Answer D is incorrect. Virtual-to-virtual (V2V) migration is used to migrate a virtualized machine image to a different format.

Answer E is incorrect. Synchronous replication is the process of replicating data in real time from the primary storage system to a remote facility.

Chapter 2 page 83

149
Q

Because of cost savings and the need to be able to dynamically scale resources, you have decided to move a fleet of virtual machines from your corporate data center to a public cloud IaaS service. However, the cloud provider has special hypervisor requirements that are different from your operations. What type of migration would you need to perform to move the VMs to the cloud?

A. Orchestration
B. P2V
C. Private to public
D. V2V
E. Synchronous replication

A

D. V2V

To migrate a virtualized machine image to a different format, you would need to perform a virtual-to-virtual (V2V) migration.

Answer A is incorrect. Orchestration platforms automate the provisioning of cloud services and often include a self-service dashboard that allows the consumer to manage and deploy cloud services with a web browser.

Answer B is incorrect. A physical-to-virtual (P2V) migration means taking a server that is running an operating system and application and then migrating it to a VM running on top of a hypervisor.

Answer C is incorrect. A private to public migration is referred to as a migration that takes place from private cloud to the public cloud.

Answer E is incorrect. Synchronous replication is the process of replicating data in real time from the primary storage system to a remote facility.

Chapter 2 page 83

150
Q

Which of the following are considered as secure network communication protocols?
Each correct answer represents a complete solution. Choose three.

A. DNS
B. SSH
C. HTTPS
D. FTPS
E. SMTP

A

B. SSH
C. HTTPS
D. FTPS

Hypertext Transport Protocol Secure (HTTPS), Secure Shell (SSH), and File Transfer Protocol Secure (FTPS) all provide encrypted transmission of data and hence are considered secure network communication protocols.

Answer A is incorrect. Domain Name System (DNS) is a hierarchical distributed naming system for computers or services connected to the Internet or a private network.

Answer E is incorrect. Simple Mail Transfer Protocol (SMTP) is a protocol used for sending e-mail messages between servers.

Chapter 2 page 56

151
Q

A server technician has been given a task to select the appropriate RAID level that can recover lost data if the server’s hard drive crashes. Which of the following RAID levels can fulfil this demand?
Each correct answer represents a complete solution. Choose all that apply.

A. RAID 0
B. RAID 1
C. RAID 5
D. RAID 10

A

B. RAID 1
C. RAID 5
D. RAID 10

The server technician will select RAID 1, RAID 5, and RAID 10 to recover lost data if the server’s hard drive crashes and to provide fault tolerance to a database. RAID 1 is a type of RAID for standardizing and categorizing fault-tolerant disk systems by using disk mirroring. RAID 10, or RAID 1+0, combines two RAID levels into one and uses RAID 1 and RAID 0 to provide both mirroring from level 1 and striping from level 0. RAID 5 spreads data byte to byte across multiple drives, with parity information also spread across multiple drives.

Answer A is incorrect because RAID 0 provides no backup for hard drive failure; it merely improves performance.

Chapter 2 page 76

152
Q

Which of the following is an IP-based storage networking standard for linking data storage facilities?

A. iSCSI
B. DHCP
C. DAS
D. NAT

A

A. iSCSI

Internet Small Computer System Interface (iSCSI) is an IP-based storage networking standard for linking data storage facilities. It is used to facilitate data transfers over intranets and to manage storage over long distances by carrying SCSI commands over IP networks.

Answer B is incorrect. Dynamic Host Configuration Protocol (DHCP) is a network service that provides automatic assignment of IP addresses and other TCP/IP configuration information on network systems that are configured as DHCP clients.

Answer C is incorrect. Direct-Attached Storage (DAS) refers to a digital storage system. It is directly attached to a single host computer or server without a network between the storage device and the server.

Answer D is incorrect. Network Address Translation (NAT) allows the use of private IP address network for internal use and mapping it to a single public IP address connected to the Internet.

Chapter 2

153
Q

A public cloud provider recently updated one of its services to provide a new type of application load balancer. The cloud administrator is tasked with building out a proof-of-concept using this new service type. The administrator sets out to update the scripts and notices the cloud provider does not list the load balancer as an available option type for deploying this service. Which of the following is the most likely reason?

A. The administrator can deploy the new load balancer via the cloud provider’s web console.

B. The administrator is not using the correct cloud provider account.

C. The administrator needs to update the version of the CLI tools.

D. The administrator needs to write a new script function to call this service.

A

C. The administrator needs to update the version of the CLI tools.

A command-line interface is a text-based interface tool used to configure, manage, and troubleshoot devices. It allows devices to be automated through configuration scripts. Users who become familiar with the CLI interface of a device are proficient in extracting detailed and specific data and effective configurations much more quickly than is possible when using a web browser.

Chapter 4 page 138

154
Q

A company wants to ensure that their cloud infrastructure is secure but fully available. They want to be alerted in the event of a security breach, but choose a response for each alert. Which of the following solutions would meet these requirements?

A. DMZ
B. WPAN
C. HTTP
D. IDS

A

D. IDS

Intrusion Detection System (IDS) is used to detect possible malicious incursions into a network to monitor and audit suspected and known attack signatures and behavior. It scans, audits, and monitors the security infrastructure for signs of attacks in progress and automates the intrusion detection process.

Answer A is incorrect. Demilitarized Zone (DMZ) enables external clients to access data on private systems, such as web servers, without compromising the security of the internal network as a whole.

Answer B is incorrect. Wireless Personal Area Network (WPAN) is a network that connects devices in very close proximity but not through a wireless access point.

Answer C is incorrect. Hypertext Transfer Protocol (HTTP) is a network protocol that works on the Application layer of the OSI and TCP/IP models and enables clients to connect to and retrieve web pages from a server to interact with websites.

Chapter 4 page 142

155
Q

When installing a new virtualized intrusion prevention system that is designed for cloud-based network micro-segmentation deployments, the management application requires you to download a Java configuration utility. What kind of automation system is this?

A. CLI
B. GUI
C. Vendor Based
D. API
E. RESTful

A

C. Vendor Based

Based on the information given, the description is for a vendor-based management application.

Answer A is incorrect. CLI is a means of interacting with a computer program where a user issues commands to the program in the form of successive lines of text.

Answer B is incorrect. GUI is used for screen scraping, automated testing, automated data entry, application integration, and content migration.

Answer D is incorrect. API offers programmatic access, control, and configuration of a device between different and discrete software components.

Answer E is incorrect. RESTful is used to create a user account at a user’s site.

Chapter 4 page 138

156
Q

What technology has been instrumental in the growth of on-demand cloud services?

A. XML
B. Python
C. Automation
D. Authentication

A

C. Automation

The automation of cloud deployments has been instrumental in the growth of on-demand cloud-based services.

Answers A, B, and D are incorrect. The other options are widely implemented in cloud architectures but are not the best answer to the question given.

Chapter 3/4
(Week 3 #22)

157
Q

What is a report for the public disclosure of financial controls and security reporting that does not contain sensitive and technical information called?

A. SOC 1
B. SOC 2
C. SOC 3
D. FISMA

A

C. SOC 3

The SOC 3 report is for the public disclosure of financial controls and security reporting. Since the SOC 2 report can contain sensitive and technical information, the SOC 3 report was created to offer a diluted, marketing-oriented, or nontechnical summary of the SOC 2 report.

Answer A is incorrect. The SOC 1 report outlines the internal controls of financial reporting operations.

Answer B is incorrect. The SOC 2 report concerns a business’s nonfinancial reporting controls for the availability, confidentiality, privacy, processing integrity, and security of a system.

Answer D is incorrect. The Federal Information Security Management Act (FISMA) outlines the framework to protect federal government information, operations, and facilities.

Chapter 3 page 106
(Week3 #11)

158
Q

To secure a data center interconnect between your company’s Sydney and Berlin regions, you are being asked what a common solution is that allows interoperability between the various vendors’ firewalls and routers in each region. What is a good solution for securing interconnects over the Internet and between dissimilar hardware and software security devices?

A. AES
B. SOC 3
C. IPsec
D. RC5

A

C. IPsec

IPsec implementations are found in routers and firewalls with VPN services to provide a secure connection over an insecure network such as the Internet and are standards-based to allow for interoperability.

Answer A is incorrect. AES is the Advanced Encryption Standard which is a symmetrical block cipher that has options to use three lengths, including 128, 192, and 256 bits.

Answer B is incorrect. SOC 3 (Service Organization Controls 3) reports are for public disclosure of financial controls and security reporting.

Answer D is incorrect. RC5 (Rivest Cipher 5) is the replacement for RC4. It is also a symmetrical block cipher algorithm that uses a variable-length key.

Chapter 3 page 108
(Week 3 #12)

159
Q

Which U.S. federal government policy and standard would you focus on to help secure information systems (computers and networks)?

A. FedRAMP
B. RMF
C. FISMA
D. Section 405.13 for DoD rule A286

A

B. RMF

The Risk Management Framework (RMF) is a United States federal government policy and standards to help secure information systems (computers and networks) developed by the National Institute of Standards and Technology (NIST).

Answer A is incorrect. The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessments, authorization, and continuous monitoring for cloud products and services.

Answer C is incorrect. Federal Information Security Management Act (FISMA) is a US federal law that outlines the framework to protect federal government information, operations, and facilities.

Answer D is incorrect. Department of Defense (DoD) rule outsources commercial interconnections to the DoD and other systems.

Chapter 3
(Week 3 #13)

160
Q

James has allowed access to a development server for certain hours of the day, granting another user complete control over a server fleet or storage system for administrative purposes. What type of access control is this?

A. Discretionary Access Control
B. Nondiscretionary Access Control
C. Mandatory Access Control
D. Role-Based Access Control

A

B. Nondiscretionary Access Control

The given scenario is an example of nondiscretionary access. Nondiscretionary access control defines a set of rules to allow or deny access to an object, system, or service in the cloud. It is a method of access control that allows the objects to be accessed based on rules, privileges, and roles that define access.

Answer A is incorrect. Discretionary access controls differ from mandatory access controls by giving users the ability to grant or assign rights to objects and make decisions for themselves as compared to the centrally controlled method used by the mandatory access controls.

Answer C is incorrect. The mandatory access control (MAC) approach is often found in high-security environments where access to sensitive data needs to be tightly controlled.

Answer D is incorrect. The role-based access control (RBAC) is a method in which access rights are granted to, or restricted from, users based on which roles they perform in an organization.

Chapter 3 page 121
(Week 3 #14)

161
Q

What is SLA?
Each correct answer represents a complete solution. Choose all that apply.

A. A business continuity plan

B. A document that defines all levels of service that the provider is promising to provide to the customer.

C. A binding contract defining the service promised, that a customer can use for litigations whenever those promises are constantly missed

D. A contract that defines how various IT groups within a company plan to deliver a service or set of services.

A

B. A document that defines all levels of service that the provider is promising to provide to the customer.

C. A binding contract defining the service promised, that a customer can use for litigations whenever those promises are constantly missed

The service-level agreement (SLA) is the most important document that exists between the service provider and the customer or user. It defines all levels of services that the provider is promising to provide to the customer in exchange for their compliance with some policies and, of course, for their hard-earned cash. The SLA serves as a binding contract that a customer can use for litigations whenever the promises are constantly missed.

Answer A is incorrect. A business continuity plan is a document that contains the critical information a business needs to stay running in case of an adverse event.

Answer D is incorrect. An operational-level agreement (OLA) is a contract that defines how various IT groups within a company plan to deliver a service or set of services.

Chapter 6 page 195
(Week 4 # 27)

162
Q

To meet regulatory requirements, a medical records company is required to store customer transaction records for seven years. The records will most likely never be accessed after the second year and can be stored offline to reduce expenses. What type of storage should they implement to achieve the goal?

A. File transfer
B. Archive
C. Replication
D. Data store

A

B. Archive

Inactive data moved to a separate storage facility for long-term storage is referred to as archiving.

Answer A is incorrect. File transfers occur in the background from the primary data center to a backup site.

Answer C is incorrect. Replication is the transfer and synchronization of data between multiple data centers.

Answer D is incorrect. A data store is used for storing and managing collections of data.

Chapter 6 page 191
(Week 4 #24)

163
Q

Which of the following is a hierarchical scheme of databases that map computer names to their associated IP addresses?

A. NAT
B. DHCP
C. DNS
D. IPsec

A

C. DNS

Domain Name System (DNS) is the primary name resolution service on the Internet and private IP networks. It is a hierarchical system of databases that map computer names to their associated IP addresses. A DNS name is composed of three parts: a computer name, a domain name, and a top-level domain name. For example, in the name www.ucertify.com, www is the computer’s name, ucertify is the domain, and .com is the top-level domain.

Answer A is incorrect. Network Address Translation (NAT) allows the use of private IP address network for internal use and mapping it to a single public IP address connected to the Internet.

Answer B is incorrect. Dynamic Host Configuration Protocol (DHCP) is a networking protocol that provides the dynamic mapping and assignments of logical Layer 3 IP addresses of a network device to the physical Layer 2 MAC addresses of a network device.

Answer D is incorrect. Internet Protocol Security (IPsec) is used to secure data as it travels across the network or the Internet through data authentication and encryption.

Chapter 6 page 199
(Week 4 #23)

164
Q

James has been directed by his employer’s finance department that they cannot afford to lose any more than 30 minutes of data in the case of a database failure or other catastrophic event. James has updated his corporate business continuity plan and has had his cloud provider update its SLA. What was the metric that was changed?

A. SLA
B. RTO
C. RPO
D. MTTR

A

C. RPO

The recovery point objective (RPO) is the amount of data that may be lost when restarting the operations after a disaster. It is defined by business continuity planning. It is the maximum targeted period in which data might be lost from an IT service due to a major incident.

Answer A is incorrect. A service-level agreement (SLA) outlines specific metrics and the minimum performance provided by the cloud provider.

Answer B is incorrect. The recovery time objective (RTO) is the amount of time it takes to get a service online and available after a failure.

Answer D is incorrect. The mean time to resolution (MTTR) is the average amount of time it takes to resolve a particular issue.

Chapter 6 page 184
(Week 4 #22)

165
Q

Marc has been reviewing disaster recovery planning, and after receiving direction from his company’s board of directors, it has been determined that they can only withstand a maximum of 36 hours of downtime. Marc is updating his DR plan with this new metric. What part of the plan should he modify?

A. SLA
B. RPO
C. RTO
D. MTTR

A

C. RTO

The recovery time objective (RTO) is the amount of time a system can be offline during a disaster. It is the amount of time it takes to get operations back up and operational after a failure.

Answer A is incorrect. A service-level agreement (SLA) outlines specific metrics and the minimum performance provided by the cloud provider.

Answer B is incorrect. The recovery point objective (RPO) is the amount of data that may be lost when starting the operations after a disaster.

Answer D is incorrect. The mean time to resolution (MTTR) is the average amount of time it takes to resolve a particular issue.

Chapter 6 page 184
(Week 4 #21)

166
Q

Harold is creating a disaster recovery plan based on corporate requirements that service be restored in the shortest amount of time possible if the primary cloud data center is down. What disaster recovery model would you suggest to Harold?

A

Hot site

A hot site model is where two fully redundant cloud data centers are in sync with each other, with the standby site backing up the primary in real time in the event of a failure. The hot site offers the most redundancy of any model. It is also the most expensive option and is used when having your cloud computing operations go offline is not an option.

Chapter 6 (page 187)

167
Q

Jeff is preparing to update his company’s business continuity plan with details on their disaster recovery site. His plan is to have a facility ready with floor space, power, and cooling that has facilities for him to load in his server racks to restore service. What type of DR implementation is Jeff deploying?

A

Cold site

The cold site model is where a backup data center is provisioned to take over operations in the event of a primary data center failure but the servers and infrastructure are not operational until needed. A cold site facility may not have any servers or infrastructure installed, so to recover from an outage, the cold site approach will need significant amounts of installation and preparation before it is ready to be utilized.

Chapter 6 (page 188)

168
Q

Which disaster recovery model is when the remote backup of the site is offline except for critical data storage, which is usually a database?

A

Warm site

A warm site approach to recovering from a primary data center outage is when the remote backup site is offline except for critical data storage, which is usually a database server at the primary data center.

Chapter 6 (page 187)

169
Q

Which of the following disaster recovery sites doesn’t have any resources or equipment except for elevated floors and air conditioning?

A. Hot site
B. Warm site
C. Alternative site
D. Cold site

A

D. Cold site

A cold site is a backup data center provisioned to take over operations in the event of a primary data center failure, but the servers and infrastructure are not deployed or operational until needed. It is the least expensive disaster recovery solution that doesn’t have any resources or equipment except for elevated floors and air conditioning.

Answer A is incorrect. A hot site is a fully configured alternate network that can be online quickly after a disaster. It has two fully redundant cloud data centers in sync with each other, with the standby site backing up the primary in real time in the event of a failure.

Answer B is incorrect. A warm site is a business site that performs noncritical functions under normal conditions, which can be rapidly converted to a key operations site if needed.

Answer C is incorrect. An alternative site refers to a location where equipment and people that need to work are relocated for a period of time until the normal production environment is available.

Chapter 6 page 188
(Week 4 # 18)

170
Q

A new application patch is being validated prior to release to the public. The developers have a release candidate, and the DevOps manager is requesting a report that shows the pass/fail data to verify that the fix does, in fact, resolve the problem. What process is he verifying?

A. Rollout
B. Orchestration
C. Automation
D. QA

A

D. QA

The manager is requesting data on the results of the quality assurance testing on the release.

Answer A is incorrect. A rollout is a patch deployment process, and both automation and orchestration systems are used to install the patch.

Answer B is incorrect. Orchestration platforms automate the provisioning of cloud services and often include a self-service dashboard that allows the consumer to manage and deploy cloud services with a web browser.

Answer C is incorrect. Automation allows for rapid response to security events and can stop an attempted breach in progress as well as record all events for forensic analysis of the event.

Chapter 5 page 159
(Week 4 # 09)

171
Q

To meet regulatory requirements, your company must provide geographical separation between active and backup data of certain medical records your company collects and processes in Germany. The requirements stipulate that the data cannot leave the country and must be in two or more data centers. As the cloud professional for your company, what recommendations would you offer to meet these requirements?

A. Remote
B. Full
C. Local
D. Incremental

A

A. Remote

A remote backup is a preferred approach since it has the advantage of geographical separation. Many corporate and most regulatory requirements will specify that the backup data be located at a separate data center from the origin data center and that the two locations are geographically some distance apart from each other.

Answer B is incorrect. A full backup is a complete copy of the backed-up data. It is generally performed on a routine backup schedule with a series of smaller or incremental backups that are added to the full backup in the time between the full backups.

Answer C is incorrect. A local backup is created when data in a data center is stored on its primary storage array and a backup operation is performed.

Answer D is incorrect. An incremental backup performs operations based on the change of the source data since the last incremental backup was performed.

Chapter 5 page 170
(Week 4 #11)

172
Q

Marlene is updating her horizontally scaled Internet-facing web servers to remediate a critical bug. Her manager has agreed to operate under reduced computing capacity during the process but stipulates that there can be no downtime during the process. What upgrade approach should Marlene perform to meet these requirements?

A. Orchestration
B. Rolling
C. Hotfix
D. Blue-green

A

B. Rolling

A rolling configuration will sequentially upgrade the web servers without causing a complete outage and would meet the requirements outlined in the question.

Answer A is incorrect. Orchestration platforms automate the provisioning of cloud services and often include a self-service dashboard that allows the consumer to manage and deploy cloud services with a web browser.

Answer C is incorrect. A hotfix is a software update type that is intended to fix an immediate and specific problem with a quick release procedure.

Answer D is incorrect. Blue-green is a methodology that uses two configurations for production that are identical to each other.

Chapter 5 page 159
(Week 4 # 14)

173
Q

What are tightly coupled computers that allow for software patching without incurring downtime called?

A. Blue-green
B. Hotfix
C. Runbook
D. Cluster

A

D. Cluster

Clusters are groups of computers interconnected by a local area network and are tightly coupled together. Clusters can be configured in many different topologies depending on the use case and for the different solutions they are designed for. However, all clusters are designed for high availability, which can allow for installing patches with zero downtime.

Answer A is incorrect. Blue-green is a methodology that uses two configurations for production that are identical to each other.

Answer B is incorrect. A hotfix is a software update type that is intended to fix an immediate and specific problem with a quick release procedure.

Answer C is incorrect. A runbook is a software process that performs automated tasks and responses that simplify and automate repetitive tasks.

Chapter 5 page 157
(Week 4 #15)

174
Q

Which of the following is the process of replicating data in real time from the primary storage system to a remote facility?

A. Synchronous
B. Asynchronous
C. Site mirroring
D. RTO

A

A. Synchronous

Synchronous replication is the process of replicating data in real time from the primary storage system to a remote facility. It allows you to store current data at a remote location from the primary data center that can be brought online with a short recovery time and limited loss of data.

Answer B is incorrect. Asynchronous replication works off a store-and-forward model and is a cost-effective protection and backup solution. With asynchronous replication, the data is first written to the primary storage system in the primary storage facility or cloud location.

Answer C is incorrect. Site mirroring refers to the process of keeping the backup site updated so it is ready to assume the workload in the event of a primary data center failure.

Answer D is incorrect. The recovery time objective (RTO) is the amount of time a system can be offline during a disaster. It is the amount of time it takes to get operations back up and operational after a failure.

Chapter 6 page 190
(Week4 #16)

175
Q

Sharon has been directed to put together a disaster recovery plan based on directives from her company’s executive management team. The company’s core business is operating an e-commerce website selling winter apparel with 85 percent of its revenue received during the holiday season. If there was a prolonged outage, it would put the company’s ability to continue as a financially viable operation in peril. Sharon has been instructed to create a plan that will restore operations in the shortest amount of time possible. Which disaster recovery model should she implement?

A. Hot site
B. Warm site
C. Alternative site
D. Cold site

A

A. Hot site

A hot site is a fully configured alternate network that can be online quickly after a disaster. It has two fully redundant cloud data centers in sync with each other, with the standby site backing up the primary in real time in the event of a failure.

Answer B is incorrect. A warm site is a business site that performs noncritical functions under normal conditions, which can be rapidly converted to a key operations site if needed.

Answer C is incorrect. An alternative site refers to a location where equipment and people that need to work are relocated for a period of time until the normal production environment is available.

Answer D is incorrect. A cold site is a predetermined alternate location where a network can be rebuilt in case of a disaster.

Chapter 6 page 187
(Week 4 #17)

176
Q

Data replication is often used to store copies of real-time data in remote zones. When there is a need to have the master data immediately updated and then, on the back end, update the remote zones, what type of replication would you recommend configuring?

A. Asynchronous
B. Synchronous
C. Site mirroring
D. RTO

A

A. Asynchronous

Asynchronous replication works off a store-and-forward model and is a cost-effective protection and backup solution. With asynchronous replication, the data is first written to the primary storage system in the primary storage facility or cloud location.

Answer B is incorrect. Synchronous replication is the process of replicating data in real time from the primary storage system to a remote facility. It allows you to store current data at a remote location from the primary data center that can be brought online with a short recovery time and limited loss of data.

Answer C is incorrect. Site mirroring refers to the process of keeping the backup site updated so it is ready to assume the workload in the event of a primary data center failure.

Answer D is incorrect. The recovery time objective (RTO) is the amount of time a system can be offline during a disaster. It is the amount of time it takes to get operations back up and operational after a failure.

Chapter 6 page 190
(Week 4 #19)

177
Q

Which disaster recovery measurement defines when you can expect your system to be back online after an outage?

A

recovery time objective

Or Restore Time Objective (RTO) is the amount of time a system can be offline during a disaster; it is the amount of time it takes to get operations back up and operational after a failure.

Chapter 6 (page 184)

178
Q

Which disaster recovery measurement defines the amount of lost data after a recovery?

A

recovery point objective

Or Restore Point Objective (RPO) is the restore point you recover to in the event of an outage. Basically, the RPO indicates the amount of data that may be lost when restarting the operation after a disaster.

Chapter 6 (page 184)

179
Q

Janice manages the MySQL database back end that runs on a multi-CPU instance that has reached 100 percent utilization. The database can run on only a single server. What options does she have to support the requirements of this database?

A. Horizontal scaling
B. Vertical scaling
C. Pooling
D. Bursting

A

B. Vertical scaling

Scaling up or vertical scaling will add resources such as CPU instances or more RAM. When you scale up, you are increasing your compute, network or storage capabilities.

Answer A is incorrect. Scaling out, or horizontal scaling, adds more nodes instead of increasing the power of the nodes.

Answer C is incorrect. Resource pooling is the allocation of computer resources into a group, or pool, and then these pools are made available to a multitenant cloud environment.

Answer D is incorrect. Cloud bursting allows for adding capacity from another cloud service during times when additional compute resources are needed.

Chapter 7 page 225
(Week 5 #13)

180
Q

Donald has been tasked by the IT security group in his company to prevent dictionary login attacks to the company’s VMs running in a private cloud at a remote data center. You have been brought in to offer him advice to deter the random but steady login attacks. What would you recommend be enabled to help prevent this type of cyber-attack?

A. Autoscaling
B. Variance
C. Lockout
D. Trigger

A

C. Lockout

A lockout policy can be applied to an account that defines the parameters that create a lockout event. It is most common to apply a lockout policy to failed login attempts. For example, you can define a policy where four failed login attempts in five minutes will disable an account for thirty minutes. A lockout policy will most likely be defined by your information security group, and you may be asked to create and apply the policy as part of your duties.

Answer A is incorrect. Autoscaling is the dynamic process of adding and removing cloud capacity.

Answer B is incorrect. Variance is the measurement of the spread between the baseline and the measured result.

Answer D is incorrect. Trigger is the process of initiating an event report based on a metric value or threshold that is considered to be outside your baseline.

Chapter 7 page 233
(Week 5 # 27)

181
Q

Eva is the network architect for her company’s large cloud deployment; she has interconnected her private cloud to a community cloud in another province. She is investigating using the community cloud to supplement her private cloud workload during end-of-month processing. What operation is she going to perform?

A. Elasticity
B. Bursting
C. Vertical scaling
D. Auto-scaling

A

B. Bursting

Cloud bursting allows for adding capacity from another cloud service during times when additional resources are needed.

Answer A is incorrect. Elasticity allows for cloud services to expand and contract based on actual usage and would be applicable to increasing storage capacity.

Answer C is incorrect. Vertical scaling adds resources such as CPU instances or more RAM.

Answer D is incorrect. Auto-scaling is the automated process of adding and removing capacity.

Chapter 7 page 224
(Week 5 # 14)

182
Q

Which of the following is an application deployment model in which an application runs in a private cloud or data center and moves into a public cloud when the demand for computing capacity spikes?

A. Cloud bursting
B. Cloud automation
C. Multitenancy
D. Resiliency

A

A. Cloud bursting

Cloud bursting is an application deployment model in which an application runs in a private cloud or data center and moves into a public cloud when the demand for computing capacity spikes. It is beneficial for high performance, non-critical applications that handle non-sensitive information.

Answer B is incorrect. Cloud automation provides a way to build processes used to provision cloud services across virtual and physical cloud platforms.

Answer C is incorrect. Multitenancy is the characteristic of a software program that enables an instance of the program to serve different consumers (tenants) whereby each is isolated from the other.

Answer D is incorrect. Resiliency is a form of failover that distributes redundant implementations of IT resources across physical locations.

Chapter 7 page 224
(Week 5 #20)

183
Q

What type of scaling includes adding additional servers to an existing pool?

A. Horizontal
B. Round robin
C. Elasticity
D. Auto-scale
E. Vertical

A

A. Horizontal

Horizontal scaling is the process of adding servers to a pool for increased capacity.

Answers B, C, D, and E are incorrect. Round robin is a load-balancing metric and does not apply, elasticity is the ability to add and remove resources, auto-scaling is the automated process of adding and removing capacity, and vertical scaling is expanding a server.

Chapter 7 page 226
(Week 5 #22)

184
Q

David, a cloud administrator, has finished building a virtual server template in a public cloud environment. He is now cloning six servers from that template. Each server is configured with one private IP address and one public IP address. After starting the server instances, he notices that two of the servers do not have a public IP address. Which of the following is the most likely cause?

A. The maximum number of public IP addresses has already been reached.

B. The two servers are not attached to the correct public subnet.

C. The two servers do not have enough virtual network adapters attached.

D. There is no Internet gateway configured in the cloud environment.

A

C. The two servers do not have enough virtual network adapters attached.

A virtual network adapter is a program (instead of a physical network adapter) that allows a computer to connect to a network. A virtual network adapter can also be used to connect all the computers on a local area network (LAN) to a larger network such as the Internet or a collection of LANs. A virtual network adapter is the logical or software instance of a physical network adapter that allows a physical computer, virtual machine, or other computer to simultaneously connect to a network or the Internet. A virtual network adapter works like a typical network standard designed for various networking environments, applications, and services.

Chapter 8/9
(Week 6 #14)

185
Q

The network operations center has implemented object tracking on their monitoring application. What information can this give them?
Each correct answer represents a complete solution. Choose three.

A. Resiliency
B. Trends
C. Metrics
D. ACLs
E. Peak usage
F. Anomalies

A

B. Trends
E. Peak usage
F. Anomalies

Trends, peak usage, and anomalies are all management report outputs that can be identified using object tracking.

Answers A, C, and D are incorrect. Resiliency, metrics, and ACLs cannot be identified using object tracking.

Chapter 8 page 246
(Week 6 #13)

186
Q

What are the common cloud resources in a deployment that may saturate over time?
Each correct answer represents a complete solution. Choose all that apply.

A. RAM
B. Monitoring
C. CPU
D. Storage

A

A. RAM
C. CPU
D. Storage

Resources such as the amount of RAM needed, CPU cycles, and storage capacity are common systems that may become saturated as your cloud computing requirements grow.

Answer B is incorrect. Monitoring applications can display actual compared to available API capacity.

Chapter 8/9
(Week 6 # 16)

187
Q

A business is planning to migrate from a private cloud to public cloud. To document business continuity, which of the following should be done first?

A. Develop a disaster recovery plan with partners/third parties.

B. Identify HA technology to provide failover.

C. Define the set of application-based SLAs.

D. Define the scope of requirements.

A

C. Define the set of application-based SLAs.

To document business continuity, define the set of application-based SLAs first. Service providers need service-level agreements (SLAs) to manage customer expectations and define the circumstances under which they are not liable for outages or performance issues. An SLA is a document which is a part of a service contract in which a service is formally defined between two or more parties. It can be a legally binding formal or an informal contract. Particular aspects of the service, such as scope, quality, and responsibilities are agreed upon between the service provider(s) and the customer.

Chapter 8/9
(Week 6 #15)

188
Q

In which cloud computing model does the cloud provider take responsibility up to the operating system level, including all hardware and OS software?

A. UCaaS
B. PaaS
C. DaaS
D. CaaS

A

B. PaaS

Platform as a Service (PaaS) is a cloud computing model in which a third-party provider delivers hardware and software tools. It allows customers to install their applications on the cloud platform. The cloud provider takes responsibility up to the operating system level, including all hardware and OS software.

Answer A is incorrect. Unified Communication as a Service (UCaaS) includes voice, video conferencing, instant messaging, e-mail, collaboration, and all other communication services that are hosted in the cloud.

Answer C is incorrect. Desktop as a Service (DaaS) is a virtual PC desktop that is hosted in the cloud and accessed remotely by thin clients.

Answer D is incorrect. Communication as a Service (CaaS) includes cloud-hosted voice, video conferencing, instant messaging, e-mail, collaboration and other communication services.

Chapter 1

189
Q

Connie is the chief information officer at a medium-sized accounting firm. During tax preparation season, the internal demand for computing resources rises, and then after the taxes are filed, the computing capacity is no longer needed. She is being asked to create a more efficient and agile solution to her company’s operations that maximizes operational expenditures. What servers does the public cloud offer to meet her needs?
Each correct answer represents a complete solution. Choose three.

A. Elasticity
B. On-demand computing
C. Availability zones
D. Resiliency virtualization
E. Pay-as-you grow
F. Resource pooling

A

A. Elasticity
B. On-demand computing
E. Pay-as-you grow

Elasticity, on-demand computing, and pay-as-you grow are all examples of being able to expand and contract cloud compute resources as your needs require.

Answers C, D, and F are incorrect. Availability zones, resiliency virtualization, and resource pooling do not maximize operational expenditures.

Chapter 1

190
Q

Jillian is working on a project to interconnect her company’s private data center to a cloud company that offers e-mail services and another that can provide burstable compute capacity. What type of cloud delivery model is she creating?

A. Public
B. Hybrid
C. Community
D. Private

A

B. Hybrid

The interconnection of multiple cloud models is referred to as a hybrid cloud.

Answer A is incorrect. The public cloud is generally where the hyperscale data centers are, and massive scaling takes place.

Answer C is incorrect. A community cloud is a cloud where users with common interests or requirements access shared resources.

Answer D is incorrect. A private cloud is operated and reserved by a single organization.

Chapter 1

191
Q

Janine is in the process of implementing a hybrid cloud model that connects her company’s private cloud to a public cloud that supports on-demand web hosting. To ease the management of the remote resources for her network operations center, she wants to implement LDAP in the remote cloud service to interconnect with her locally hosted Active Directory servers. What type of system is she deploying?

A. Token-based 2FA
B. SSO
C. RSA
D. Nondiscretionary

A

B. SSO

Single sign-on allows a user to log in one time and be granted access to multiple systems without having to authenticate to each one individually.

Answer A is incorrect. Token-based 2FA is a method of confirming a user’s claimed identity by utilizing a combination of two different factors.

Answer C is incorrect. RSA is an asymmetrical encryption implementation that uses a private key and public key.

Answer D is incorrect. Nondiscretionary access control defines a set of rules to allow or deny access to an object, system, or service in the cloud.

Chapter 2 page 90

192
Q

What application tracks a process from start to finish?

A. API
B. NTP
C. Workflow
D. Orchestration

A

C. Workflow

A workflow application tracks a process from start to finish and sequences the applications that are required to complete the process.

Answer A is incorrect. An API is an interface through which a user communicates with a device.

Answer B is incorrect. The NTP allows all devices to synchronize to a central clock or time service.

Answer D is incorrect. An orchestration platform automates the provisioning of cloud services and often includes a self-service dashboard that allows the consumer to manage and deploy cloud services with a web browser.

Chapter 2 page 52

193
Q

Jerry is learning about cloud storage systems and she is interested in learning about high-speed network storage solutions. What would you recommend she focus her research on?

A. SSO
B. NAT
C. RBAC
D. SAN

A

D. SAN

A storage area network (SAN) is a high-speed data transfer network that provides access to consolidated block-level storage. A SAN moves storage resources off the network and reorganizes them into an independent, high-performance network. It allows server operating systems to access the shared storage list as if it were a locally attached drive. SANs are primarily used to enhance storage devices, such as disk arrays, tape libraries, and optical jukeboxes.

Answer A is incorrect. Single sign-on (SSO) is a mechanism where a single user authentication provides access to all the devices or applications where the user has permission.

Answer B is incorrect. Network Address Translation (NAT) allows the use of a private IP address network for internal use and maps it to a single public IP address connected to the Internet.

Answer C is incorrect. Role-based access control (RBAC) is a method in which access rights are granted to, or restricted from, users based on which roles they perform in an organization.

Chapter 2 page 69

194
Q

Which of the following infrastructure services addresses the issues found when cloud workloads and connections increase to the point where a single server can no longer handle the workload or performance requirements of web, DNS, and FTP servers; firewalls; and other network services?

A. Load balancing
B. Certificate services
C. Dynamic host configuration protocol
D. Domain name service

A

A. Load balancing

Load balancing addresses the issues found when cloud workloads and connections increase to the point where a single server can no longer handle the workload or performance requirements of web, DNS, and FTP servers; firewalls; and other network services.

Answer B is incorrect. Certificate management offerings that may be available are services that will rotate the keys, update the servers, and load balancers with current keys, and ensure the private keys are securely stored.

Answer C is incorrect. The dynamic host configuration protocol (DHCP) allows for automatic assignment of IP addressing information to devices on a network.

Answer D is incorrect. To resolve a name to an IP address that the IP protocol uses to connect to a remote device, the server or workstation will perform a DNS server lookup.

Chapter 2 page 91

195
Q

The reference design of a database server recommends using a block storage option that is durable, offers high utilization rates, and also supports striping that allows a parity bit to be used to reconstruct a volume if a single SSD fails in the array. Which storage type stripes file data and performs a parity check of data over multiple disks that can recover from a single hard disk failure?

A. RAID 0
B. RAID 1
C. RAID 3
D. RAID 5

A

D. RAID 5

RAID 5 can withstand a single drive failure in the array because of the use of parity data that can be used to reconstruct the storage volume.

Answers A, B, and C are incorrect. The other RAID types do not have parity data; therefore they cannot withstand a single drive failure in the array.

Chapter 2 page 77

196
Q

Which of the following automation tools is a defined means to programmatically access, control, and configure a device between different and discrete software components?

A. Application Programming Interface
B. Vendor-Based Solution
C. Command Line
D. Web Graphical User Interface

A

A. Application Programming Interface

An application programming interface (API) is a defined means to programmatically access, control, and configure a device between different and discrete software components. The API defines how software components interact with each other. APIs provide the means to enable automation of the complete stack from the physical devices to the applications and everything in between.

Answer B is incorrect. Vendors and suppliers of virtualized cloud services offer internally developed automation tools and configuration examples as part of their offerings.

Answer C is incorrect. A command-line interface is a text-based interface tool used to configure, manage, and troubleshoot devices and allows devices to be automated through configuration scripts.

Answer D is incorrect. A graphical user interface (GUI) is a web-based interface that is usually your first introduction to a cloud provider’s system.

Chapter 3/4
(Week 3 # 20)

197
Q

Flora is a security consultant for a day trading company that must implement strong encryption of data at rest for their cloud storage tiers. What is the best option that meets most security regulations for the encryption of stored data?

A. 3DES
B. RSA
C. AES-256
D. Rivest Cipher 5

A

C. AES-256

Advanced Encryption Standard (AES) is a symmetrical block cipher that has options to use three lengths, including 128, 192, and 256 bits. AES 256 is a very secure standard, and it would take an extremely long time and a lot of processing power to even come close to breaking the code.

Answer A is incorrect. 3DES is a symmetric-key block cipher, which applies the DES cipher algorithm three times to each data block.

Answer B is incorrect. RSA is an asymmetrical encryption implementation that uses a private key and a public key.

Answer D is incorrect. Rivest Cipher 5 is the replacement for RC4. It is also a symmetrical block cipher algorithm that uses a variable-length key.

Chapter 3 page 110

198
Q

Carl is planning for a large advertising campaign his company will unveil. He is concerned that his current e-commerce server farm hosted in a public cloud will be overwhelmed and suffer performance problems. He is researching options to dynamically add capacity to the web server farm to handle the anticipated additional workload. You are brought in to consult with him on his options. What can you recommend as possible solutions?
Each correct answer represents a complete solution. Choose three.

A. Vertical scaling
B. Horizontal scaling
C. Edge cache
D. Cloud bursting
E. Core elasticity

A

A. Vertical scaling
B. Horizontal scaling
D. Cloud bursting

Cloud computing operates with a utility business model that charges you only for the resources you consume. This model enables you to scale your cloud fleet to meet its current workload and be able to add and remove capacity as needed. There are many options that use elasticity to scale cloud operations including vertical and horizontal scaling and bursting.

Answers C and E are incorrect. Edge cache and core elasticity are not used to dynamically add capacity to the web server farm to handle the anticipated additional workload.

Chapter 7
Week 5 # 15

199
Q

Jennifer plans to modify a firewall access control list to allow RDP connections from a new remote office into her private cloud data center. She is creating a document that details all the steps required to implement the new rule set. What process is she following?

A. Cloud automation
B. Change advisory
C. Change management
D. Rollout

A

C. Change management

Change management includes recording the change, planning for the change, testing the documentation, getting approvals, evaluating and validating, writing instructions for backing out the change if needed, and doing post-change review if desired.

Answer A is incorrect. Cloud automation systems offer the ability to dynamically add and remove resources as needed.

Answer B is incorrect. Change advisory boards advise change teams on guidelines and priorities, assess the changes, and make sure that all order of operations is addressed.

Answer D is incorrect. A rollout is a patch deployment process, and both automation and orchestration systems are used to install the patch.

Chapter 7

200
Q

As a Cloud+ certified professional you have been asked to review your company’s hybrid servers to ensure they are properly hardened from a malicious attack. You review the server’s active user accounts and see that there are accounts that belong to consultants who review your operations once each year. They are not scheduled to return for 10 more months. What should you do with these accounts?

A. Do nothing
B. Delete the accounts
C. Disable the accounts
D. Change the resource access definitions
E. Modify the confederation settings
F. Change the access control

A

C. Disable the accounts

The ability to disable an account can be helpful in situations where the account will need to be reactivated at a future date and does not need to be deleted.

Answers A, B, D, E, and F are incorrect. The other options cannot be helpful in situations where the account will need to be reactivated at a future date and does not need to be deleted.

Chapter 7

201
Q

The DevOps team is requesting read/write to a storage bucket in the public cloud that is located in a backup region. What kind of services are they requesting?

A. Authorization
B. Authentication
C. Federation
D. SSO

A

A. Authorization

The question is asking about being able to access a specific cloud service. This would concern DevOps having authorization to access the storage volume.

Answer B is incorrect. Authentication is the process of determining the identity of a client usually by a login process.

Answer C is incorrect. The federated approach is based on industry standards that allow for the needed interoperability between different organizations’ systems.

Answer D is incorrect. SSO (single sign-on) allows a user to log in just one time and be granted access rights to multiple systems.

Chapter 7

202
Q

After upgrading an accounting application in your IaaS fleet of servers, you notice that the newly installed features in the upgrade dramatically increase the local processing requirements for the servers. What virtual resources can be increased to account for the new application’s added requirements?

A. DMA
B. BIOS
C. IPsec
D. CPU
E. I/O

A

D. CPU

Implementing new application features may cause increased CPU usage and require that you add CPU resources to meet the requirements of the application.

Answer A is incorrect. DMA (direct memory access) allows certain hardware subsystems to access main system memory, independent of the CPU.

Answer B is incorrect. BIOS (basic input/output system) is used to perform hardware initialization during the booting process and provides runtime services to operating systems and programs.

Answer C is incorrect. Internet Protocol Security (IPsec) is a framework or architecture that uses many different protocols to provide integrity, confidentiality, and authentication of data on a TCP/IP network.

Answer E is incorrect. I/O (input/output) is the communication between the information processing system and a human being.

Chapter 7

203
Q

Matt is preparing a change management plan to add CPU capacity to a busy database server used by his order entry department. What type of scaling involves replacing an existing server with another that has more capabilities?

A. Horizontal
B. Round robin
C. Elasticity
D. Auto-scale
E. Vertical

A

E. Vertical

Vertical scaling is the process of upgrading or replacing a server with one that has greater capabilities.

Answer A is incorrect. Horizontal scaling is the process of adding servers to a pool for increased capacity.

Answer B is incorrect. Round robin is referred to as a load-balancing metric.

Answer C is incorrect. Elasticity is the ability to add and remove resources.

Answer D is incorrect. Auto-scale is used for adding and removing capacity by an automated process.

Chapter 7

204
Q

Which of the following is a composition of two or more clouds that are unique entities but are bound together and provide the benefits of multiple deployment models?

A. Hybrid
B. Public
C. Private
D. Community

A

A. Hybrid

A hybrid cloud is a composition of two or more clouds (private, community, or public) that are unique entities but are bound together and provide the benefits of multiple deployment models. It can also be considered as multiple cloud systems connected in a manner that permits programs and data to be moved easily from one deployment system to another.

Answer B is incorrect. Public cloud is based on the standard cloud computing model in which resources such as applications and storage are made available by a service provider to the general public over the Internet.

Answer C is incorrect. Private cloud is an infrastructure used only for a single organization, whether handled internally or by a third party and hosted internally or externally.

Answer D is incorrect. A community cloud is a type of cloud computing deployment model used between a selective group of users or organizations.

Chapter 7
(Week 5 #21)

205
Q

Jeff has been monitoring resource usage increase in his web server farm. Based on trending data he has collected, there will be regular requirements to increase CPU capacity for his web servers as usage increases. Jeff wants to use the automation capabilities of his private cloud to automatically use the orchestration software to add CPU cores as required. What can he implement to automate this?

A. Elasticity
B. Variance
C. Autoscaling
D. Trigger

A

C. Autoscaling

Autoscaling is the dynamic process of adding and removing cloud capacity. This service can also be configured to remove the servers after the load has fallen below your defined metrics for a period of time to eliminate charges for unused capacity.

Answer A is incorrect. Elasticity is the ability to automatically and dynamically add additional resources such as storage, CPUs, memory, and servers in the cloud.

Answer B is incorrect. Variance is the measurement of the spread between the baseline and the measured result.

Answer D is incorrect. Trigger is the process of initiating an event report based on a metric value or threshold that is considered to be outside your baseline.

Chapter 8/9
(Week 6 #17)

206
Q

Which of the following tracks a process and sequences the applications that are required to complete the process?

A. API
B. Runbook
C. Workflow
D. Orchestration

A

C. Workflow

Workflow applications track a process from start to finish and sequence the applications that are required to complete the process.

Answer A is incorrect. Application programming interface (API) defines how software components interact with each other.

Answer B is incorrect. A runbook is a software process that performs automated tasks and responses that simplify and automate repetitive tasks.

Answer D is incorrect. Orchestration automates the provisioning of cloud services and often includes a self-service dashboard which allows the consumer to manage and deploy cloud services with a web browser.

Chapter 8/9
(Week 6 #18)

207
Q

What are the recommended procedures to take when preparing an outage response plan?
Each correct answer represents a complete solution. Choose three.

A. Configuration backups
B. SLA
C. Documentation
D. Diagrams
E. DHCP

A

A. Configuration backups
C. Documentation
D. Diagrams

When troubleshooting, it is helpful to have access to configurations, documentation, and diagrams to provide information on your cloud deployment.

Answer B is incorrect. A service-level agreement (SLA) outlines specific metrics and the minimum performance provided by the cloud provider.

Answer E is incorrect. Dynamic Host Configuration Protocol (DHCP) is a network service that provides automatic assignment of IP addresses and other TCP/IP configuration information.

Chapter 8/9
(Week 6 #19)

208
Q

Hank designed an application tier for his company’s new e-commerce site. He decided on using an IP subnet that uses a /28 IPv4 subnet. He is planning for a maximum of 14 servers. You are brought in as a cloud architect to validate his design. What other devices may be on this subnet other than the servers that would also require IP address assignments?
Each correct answer represents a complete solution. Choose all that apply.

A. DNS
B. SLA
C. NTP
D. DHCP

A

A. DNS
C. NTP

In addition to the web servers, IP addresses may be required for the NTP and DNS services and the default gateway. The domain name system (DNS) is the primary name resolution service on the Internet and private IP networks. It is a hierarchical system of databases that map computer names to their associated IP addresses. The network time protocol (NTP) allows all devices to synchronize to a central clock or time service. It ensures that all devices report the same time to allow for synchronization of logging information.

Answer B is incorrect. A service-level agreement (SLA) outlines specific metrics and the minimum performance provided by the cloud provider.

Answer D is incorrect. Dynamic Host Configuration Protocol (DHCP) is a network service that provides automatic assignment of IP addresses and other TCP/IP configuration information.

Chapter 8/9
(Week 6 #23)

209
Q

A medical records company wants to take advantage of a complex application but wants to realize the cost savings by accessing a shared instance of the application hosted in the cloud. Because of regulatory requirements, what type of cloud delivery model would you recommend they use?

A. Public
B. Hybrid
C. Private
D. Community

A

D. Community

A community cloud is where multiple organizations from a specific community with common interests share the cloud infrastructure. They can be managed internally or by a third party, and either hosted internally or externally. The costs are spread over fewer users than a public cloud, but more than a private cloud.

Chapter 1
(Week 1 #20)

210
Q

Which of the following cloud components include traditional switching and routing as well as services such as load balancing, DNS, DHCP, and virtual private networks?

A.  Networking
B.  Automation
C.  Computing
D.  Storage
E.  Virtualization
A

A. Networking

Network cloud services include traditional switching and routing as well as services such as load balancing, DNS, DHCP, and virtual private networks.

Answer B is incorrect. Automation software systems operate in a cloud provider’s data center and automate the deployment and monitoring of cloud offerings.

Answer C is incorrect. The compute resources are the actual central processing of data and applications on either a physical or virtualized server running a variety of operating systems.

Answer D is incorrect. Large storage arrays and storage area networks exist in the cloud for use by cloud service consumers. Common storage media are solid state drives (SSDs) and magnetic physical drives.

Answer E is incorrect. Virtualization is the ability to take physical data center resources such as RAM, CPU, storage, and networking and create a software representation of those resources in large-scale cloud offerings.

Chapter 1
(Week 1 #25)

211
Q

Randy is developing a new application that will be deployed in an IaaS-based public cloud. He builds a test image and deploys a test VM in his private cloud’s development zone. When he restarts one of the Linux-based servers, he notices that his storage volume data is missing. What type of storage did he implement?
Each correct answer represents a part of the solution. Choose all that apply.

A.  Durable
B.  RAID
C.  Ephemeral
D.  Nondurable
E.  Block
F.  Object
A

C. Ephemeral
D. Nondurable

Temporary storage volumes that are only in existence when the VM is deployed are referred to as ephemeral or nondurable storage.

Answer A is incorrect. Durable storage volumes do not get deleted and retain data even if the virtual machine is stopped or terminated.

Answer B is incorrect. RAID is a hardware storage family of redundancy types.

Answer E is incorrect. Block storage offers a high utilization rate.

Answer F is incorrect. Object-based storage is highly utilized at the large cloud companies as a fully managed and cost-effective service.

Chapter 3/4
(Week 3 #18)

212
Q

The ____ network utility is found in both Windows and Linux operating systems and is used to show which network connections are open to remote applications.

A

netstat

netstat is a network statistics utility found on both Windows and Linux workstations and servers. You can use netstat when troubleshooting to see which network connections are open to remote applications, to view detailed protocol information, to see addresses used both locally and remotely, and to determine which state the TCP connections are currently in on the device.

Chapter 10 (page 300)

213
Q

Sarah made an SSH connection to a remote bastion host. She needs to add an access control list rule to allow the bastion server to access a new subnet. She needs the source IP address of her host. What command can she run on the server to collect this information?

A

ifconfig

ifconfig on Linux and ipconfig on Windows are command-line utilities used to verify and configure the local network interfaces.

Chapter 10 (page 300)

214
Q

After deploying a new public website, your validation steps ask you to check the domain name to IP address mappings. What Linux and Windows utilities can be used for validation?

A

dig and nslookup

nslookup and dig are command-line utilities used to resolve hostnames to IP addresses using a DNS server. nslookup is the Windows variant and its Linux equivalent is called dig. If you need to learn the IP address of a domain, use these applications to resolve the DNS name to the IP address.

Chapter 10 (page 302)

215
Q

To verify network reachability from a NoSQL database server residing in a private subnet on a public cloud to the application tier, what utility can she use as a quick connectivity test?

A

ping

ping is part of the TCP/IP family of protocols; it is used to verify that a device is available and reachable on the network and also to get a reading of the response time at that moment in time.

Chapter 10 (page 303)

216
Q

What Windows server application presents the server’s graphical desktop on a remote user’s screen?

A

Remote Desktop Services

Remote Desktop Services (RDP) allows remote access to Windows devices. RDP is a client-server application, which means RDP has to be installed and running on both the server and the local workstation you are using to access the cloud server. The desktop application comes preinstalled on most versions of Windows.

Chapter 10 (page 309)

217
Q

You are configuring a remote out-of-band management network that connects to router and switch serial ports in a private cloud. What product would you need to install to accomplish this task?

A

terminal server

In a data center, devices called terminal servers are deployed that have several serial ports, each cabled to a console port on a device that is being managed. This allows you to make an SSH or a Telnet connection to the terminal server and then use the serial interfaces to access the console ports on the devices you want to connect to.

Chapter 10 (page 307)

218
Q

A Cloud+ student you are mentoring asks about the mappings between the layer 2 MAC address and the gateway router’s IP address. He wants to verify that the VM has the correct network mapping information. Which utility would you tell him to use to gather this information?

A

ARP

Address Resolution Protocol (ARP) is the protocol that determines the mapping of the IP address to the physical MAC address on a local network.
Using ARP, all devices on the LAN build a table of IP to MAC address bindings.

Chapter 10 (page 298)

219
Q

A remote user is unable to reach a Linux-based web server hosted in the Singapore zone of the cloud provider. The user is located in Austin, Texas. What utility can she use to verify the connection path?

A

traceroute

The tracert/traceroute utilities are useful for network path troubleshooting. The traceroute utility displays the routed path a packet of data takes from source to destination. You can use it to determine whether routing is working as expected or whether there is a route failure in the path.

Chapter 10 (page 306)

220
Q

Scott is troubleshooting a SQL access issue and wants to look at the data frames being sent and received from his network adapter card on the Linux database server. What utility would he use to collect the traces?

A

tcpdump

tcpdump allows a Linux system to capture live network traffic and is useful in monitoring and troubleshooting. Sometimes called sniffing, tcpdump allows you to set up filters to select the traffic you are interested in capturing for troubleshooting. Think of tcpdump as a command-line network analyzer.

Chapter 10 (page 305)

221
Q

Which text-based remote access application is used to securely access Linux servers in a public cloud?

A

SSH

Secure Shell (SSH) is the encrypted version of the Telnet protocol and is used to access remote devices using a command-line interface. Use port 22 for communications.

Chapter 10 (page 305)

222
Q

When configuring the network interface on a Windows server, what is the term used to designate the IP address of the router interface on the local subnet?

A

Default gateway

The term default gateway can be misleading since a gateway is now called a router. But a default gateway is the IP address on the interface on the router on the local subnet that connects to the outside world. It gives computers on one network a path to other networks.

Chapter 10 (page 292)

223
Q

A set of application server instances is suffering poor performance. Brian notices that there is a lot of pagefile thrashing to the ephemeral SSD drives. You are brought in to investigate the instance configuration. What resource pool would you recommend changing to help resolve the application performance problem?

A

Memory

When RAM utilization reaches 100 percent on a server, the operating system will begin to access the swap file and cause a serious performance slowdown that affects all processes running on the server. Memory usage is one of the most critical objects to monitor and collect baseline data on.

Chapter 8 (page 249)

224
Q

Rhonda is creating a change management plan to increase the processing abilities of one of her middleware application servers. What components can she upgrade to increase server processing performance?

A

CPU

Many applications are CPU bound, which is to say their performance depends on the amount of CPU resources available. One of the most common cloud objects that are tracked is the percentage of CPU utilization, since it has a direct impact on systems’ performance.

Chapter 8 (page 247)

225
Q

Eva is the lead network architect for her company’s hybrid cloud operations, and she has interconnected her private cloud to a community cloud in another province. Eva is investigating using the community cloud to supplement her private cloud operations during end-of-month processing. What operation is she going to perform?

A

bursting

Cloud bursting is a hybrid model that is most commonly found in private cloud deployments that are designed to use public cloud processing during times of increased load.
This is the model where a primary data center carries the current compute load, and when additional capacity is required, a remote cloud can assist with the load. One cloud is primary and can “burst” to a backup cloud if additional capacity is required to meet a peak demand situation.

Chapter 7 (page 224)

226
Q

Sophia is monitoring her cloud web server dashboard and notices that CPU utilization on her company’s database server fleet has been consistently at more than 80 percent utilization. She checked her baselines and noticed that 60 percent utilization is normal. What is the difference called?

A

variance

Chapter 7 (page 217)

227
Q

What authentication configuration will ignore a dictionary login attack after a set number of failed attempts?

A

Lockout

A lockout policy can be applied to an account that defines the parameters that create a lockout event. It is most common to apply a lockout policy to failed login attempts. For example, you can define a policy where four failed login attempts in five minutes will disable an account for thirty minutes.

Chapter 7 (page 233)

228
Q

Name the backup operation that is based on the change of the source data since the last backup was performed?

A

Incremental

Incremental backups perform operations based on the change of the source data since the last incremental backup was performed. Incremental backups can be run, for example, on a nightly basis and capture the changes that were made since the previous backup was run the night before. This allows for an efficient backup operation since only the changes in the past 24 hours are stored on the backup media. Incremental backups are much less time- and resource-consuming than a full backup and are used to complement them.

Chapter 5 (page 169)

229
Q

Debbie has submitted a change management request to update her data analysis application. She plans on implementing an update that includes new features and a rollup of bug fixes. What type of upgrade is Debbie requesting?

A

Version

A version update is the process of replacing a software product with a newer version of the same product. Version updates can add new features, bring the system up-to-date, and provide a rollup of all previous patches to improve the product. Upgrading entails replacing the current, older version of the same product with a newer version.

Chapter 5 (page 162)

230
Q

What cloud service contains an ordered rule set that contains permit and deny statements and is used to protect cloud-based devices?

A

Firewall

The device that is central to any security implementation is the network firewall. A firewall will be installed inline in a network so that all traffic must pass through it as it transits from one network to another. Firewalls will have rule sets, or policies, configured that will either permit or deny traffic to pass.

Chapter 4 page 141

231
Q

What web security technology is implemented with HTTPS?

A

SSL/TLS

Secure Sockets Layer (SSL)/Transport Layer Security (TLS) make up a protocol group that operates on top of TCP to provide an encrypted session between the client and the server. It is commonly seen on websites implemented as the Hypertext Transport Protocol Secure (HTTPS) protocol.

Chapter 3 page 109

232
Q

Zender is a database administrator for your private cloud operations. He is planning on attending a user conference in Austin, Texas but wants to be able to connect to the database from his hotel in case an emergency arises. As a security consultant, which security system would you set up for his VPN?

A

IPsec

IP Security (IPsec) is a framework, or architecture, that uses many different protocols to provide integrity, confidentiality, and authentication of data on a TCP/IP network.  Since IPsec is not a protocol but a framework that implements different security and encryption protocols under one umbrella, it can be challenging to understand all the details and to correctly implement and troubleshoot it.
Most IPsec implementations are found in the VPNs, application security, and network security technologies that are commonly implemented in operating systems, routers, and firewalls.

Chapter 3 page 108

233
Q

Jacob has a critical application that requires highly durable storage. He is asking if there is a disk array technology that can withstand the simultaneous failure of two SSD drives. You are a Cloud+ consultant on the migration team. What storage technology would you recommend he implement?

A

RAID 6

RAID 6 is an extension of the capabilities of RAID 5. The added capability offered in the RAID 6 configuration is that a second parity setting is distributed across all the drives in the array. The advantage of adding the second parity arrangement is that RAID 6 can suffer two simultaneous hard drive failures and not lose any data.

Chapter 2 (page 78)

234
Q

Erica created a company account on a public cloud and is configuring a MySQL database. What type of cloud service did she implement?

A

SaaS

Chapter 1

235
Q

For redundancy, what are public clouds divided into?

A

Regions

Large cloud operations will partition operations into regions for fault tolerance and to offer localized performance advantages.

Chapter 1 (page 27)

236
Q

Liza works for a court recording firm that wants to store its records in the cloud with a specially developed application. A new cloud provider offers this service to all recording companies. What type of cloud model is this?

A

Community

Chapter 1

237
Q

Tip of the Hat coffee company has deployed a custom cloud that is for their exclusive use. What type of delivery model did it deploy?

A

Private

Chapter 1

238
Q

Jill is the storage administrator for her company’s private cloud. She is deploying a new storage array that groups multiple disks into one logical drive. What storage technology is this?

A

RAID

RAID (Redundant Array of Independent Disks): by combining physical disks, you can achieve redundancy without having to sacrifice performance. The groupings of many disks can be used to create very large volumes.

Chapter 2 (page 75)

239
Q

Chuck wants to migrate an internally developed application to the public cloud. The application runs on the Linux operating system. However, Chuck would prefer that the cloud provider take responsibility for all operating system maintenance. What type of cloud service would you recommend?

A

PaaS

Chapter 1

240
Q

Tom’s SQL database backend runs on a multi-CPU instance that often reaches 100 percent utilization. The database can operate on only a single server. What scalability model can he implement?

A

Vertical

Vertical scaling or scaling up will add resources such as CPU instances or more RAM. When you scale up, you are basically increasing your compute, network, or storage capabilities.

Chapter 7 (page 225)

241
Q

What intrusion system will monitor but not act on an Internet-based attack?

A

IDS

Intrusion detection systems (IDSs) are used to monitor network traffic looking for suspicious activity. The intrusion detection system will alert a management system or can be configured to send out e-mails or text notifications if an attack is discovered. However, the intrusion detection system will not take action to remedy the situation; it only monitors and reports.

Chapter 4 page 142

242
Q

Dawn is a database administrator for her company’s cloud operations. She has created three read replicas in different availability zones and has selected a replication type that does not slow down the primary replica and has eventual consistency. What type of replication did she select?

A

Asynchronous

Chapter 1

243
Q

During peak usage times, BigCo’s fleet of Internet-facing e-commerce servers often reach maximum CPU utilization. The managers like that the cloud is resilient enough to add and remove servers on demand. What type of scaling are they implementing?

A

horizontal

Horizontal scaling or scaling out adds more nodes instead of increasing the power of the nodes. With horizontal scaling, you will choose to add more servers to the existing configuration.

Chapter 7 (page 226)

244
Q

Jeff has been monitoring resource usage increases in his web server farm. Based on collected trending data, there will be regular requirements to increase the capacity of Internet web servers as usage increases and to reduce the servers during periods of low utilization. Jeff wants to use the automation capabilities of the public cloud to automatically use the orchestration of software to add servers when there is a usage spike. What is the cloud service that

A

Auto-scaling

Scaling is adding capacity to your cloud deployment. To scale your cloud, you decide whether you need to scale up or scale out.

Chapter 7 (page 225)

245
Q

During a change window, the server team was applying patches to an application, and the networking team was upgrading a router’s interface to 10Gbps. When the network was down, the server team complained that they could not download the needed software patches. During a post-downtime status meeting, it was determined that which process should be modified to prevent this from happening in the future?

A

Change management

Change management outlines policies and procedures and provides a standardized process to follow, including recording the change, planning for the change, testing, documentation, approvals, evaluation and validation, instructions for backing out the change if needed, and post-change review if desired.

Chapter 7 (page 222)

246
Q

What is the process called when a user enters their username and password to access a cloud-based server?

A

Authentication

Authentication is the process of determining the identity of a client usually by a login process. By authenticating the user, you learn the identity of that user and can authorize or grant permissions to cloud resources by either allowing or denying access to specific resources.

Chapter 2 (page 81)

247
Q

BigCo has issued key fobs that have a small display that presents a numerical code that changes every two minutes. After you enter your username and password, you are now required to enter the currently displayed number. What type of authentication is this?

A

Two-factor authentication

The two-factor authentication includes something you have, which is the key fob, and something you know, which is your password.

Chapter 3 page 121

248
Q

What type of scaling involves replacing an existing server with another that has more capabilities?

A

Vertical

Vertical scaling or scaling up will add resources such as CPU instances or more RAM. Many applications, such as databases, will perform better after a system has been scaled vertically. For example, a system that is CPU bound will perform better when scaling up with additional CPU cores. The same is true with applications that benefit from more RAM or higher Local Area Network (LAN) throughput.

Chapter 7 (page 225)

249
Q

You are performing a security audit on a newly launched e-commerce site hosted on a private cloud. You are investigating the Internet-facing Windows servers and notice many user accounts are configured to the operations staff. What would you need to do to the unused accounts to harden the servers?

A

Disable the accounts.

The ability to disable an account can be helpful in situations where the account will need to be re-activated at a future date and does not need to be deleted. Account disablement can be managed in the same manner as other account operations with a web front end or with the use of APIs for scripted and automated processes.

Chapter 7 (page 234)

250
Q

Lynn is documenting the maintenance responsibilities between her company and its public cloud provider. She notices that the cloud provider takes responsibility for all operating updates and patches, and she needs to assume responsibility for the applications and services running on the operating system. What type of service model is she operating under?

A

PaaS

Platform as a Service (PaaS) offers the compute and operating system as a service and allows customers to install their applications on the cloud platform.

Chapter 1 (page 9)

251
Q

After a user authenticates to a system, what is it called when the user is given certain rights to access services?

A

Authorization

When a device or user has been identified through authentication systems, then they can be given authorization to perform their specific duties.

Chapter 2 (page 89)

252
Q

The public cloud provider has ultimate responsibility for the integrity of your storage data. True or False?

A

False

Chapter 1

253
Q

Darlan is developing a cross-cloud provider migration report as part of his company’s business continuity plan. As he assesses the feasibility of migrating application from one public cloud provider to another, what does he find is the service model that has the most lock-ins and is the most complex to migrate?

A

SaaS

The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications; and possibly limited control of select networking components (e.g., host firewalls).

Chapter 1 (page 9)

254
Q

A private cloud deployment is worried about its first line of defense against attacks to its Internet-facing e-commerce web servers. Delbert is a security consultant. What solution should he implement?

A
Firewall

Firewalls are generally deployed between the cloud network and the cloud consumer for protection against unauthorized access into the networks. A firewall is either hardware based or a virtualized device that inspects network traffic and compares the traffic to the defined rules list to determine whether that traffic is allowed.

Chapter 2 (page 92)

255
Q

Cloud capacity consumption can be measured by comparing current usage to what?

A
Baseline

Establishing baselines is helpful when you need to determine the size of the virtual machines required when migrating servers to the cloud. Baselines also are used to determine what is out of normal operations. You can use your baseline statistics as a reference, and if a counter has a variance above or below that value, it will be considered a serious issue.

Chapter 1 (page 33)

256
Q

What is a quick release of software to fix a critical issue called?

A

Hotfix

A hotfix is a software update type that is intended to fix an immediate and specific problem with a quick release procedure. A hotfix may be customer-specific and not released to the public or available to everyone. Many times a hotfix is a bug fix that has been made quickly and did not follow the normal quality assurance or formal release procedure since the intention is for a rapid deployment.

Chapter 5 (page 162)

257
Q

What cloud service provider document outlines assured system uptime and network performance guarantees?

A

Service Level Agreement

A service level agreement (SLA) is a document that outlines specific metrics and the minimum performance or availability level and outlines the penalties for failing to meet the metrics. The SLA will outline who owns the data and who owns the rights and responsibilities.

Chapter 2 (page 62)

258
Q

Jonathan is asking you about a networking service he needs to make updates to. This service is used to translate human-readable names to network addresses understood by computers. What service is this?

A

DNS

A Domain Name Service (DNS) server will have the domain name to IP address mapping and reply with the correct IP address for any given domain name. Think of this as a phone book where you know the name of a business but not the number; the phone book provides the name-to-number lookup function.
DNS uses well-known port 53.

Chapter 2 (page 91)

259
Q

When architecting a database server migration, Herb is working to properly size the virtual servers he is implementing. What virtual pool should he focus on to make sure there are no write latencies to the database?

A

Storage

Chapter 1

260
Q

Combining several companies’ user directories together for a unified cloud authentication service is called what?

A

Federations

Identity systems using federations allow multiple organizations to use the same data for identification when accessing the networks or resources of everyone in the group.

Chapter 2 (page 90)

261
Q

The establishment of average usage over time is the data that gets collected for what type of cloud reporting?

A

Baseline

Baselines collect data and provide trend analysis and capacity utilization information measured over time to determine average or expected metrics of a service in normal operation. Establishing baselines is helpful when you need to determine the size of the virtual machines required when migrating servers to the cloud.

Chapter 1 (page 33)

262
Q

What technology enables the widespread deployment of cloud offerings?

A

Automation

Chapter 1

263
Q

An intern at your company is asking about the mappings between the layer 2 MAC address and the gateway router. He wants to verify that the VM has the correct network mapping information. Which utility would you tell him to use to gather this information?

A. dig
B. ipconfig
C. arp
D. netstat

A

ARP

ARP is the protocol that determines the mapping of an IP address to the physical MAC address on a local network. The mappings can be seen with the arp command-line utility.
dig is used for DNS resolution, ipconfig shows the network adapter parameters, and netstat shows connections.

Chapter 10

264
Q

Sharon is unable to reach her Linux-based web server hosted in the Singapore zone of the cloud. She is located in Austin, Texas. What utility can she use to verify the connection path?

A.  traceroute
B.  ipconfig
C.  arp
D.  netstat
E.  ping
F.  tcpdump
G.  route print
A

traceroute

The traceroute and tracert utilities are useful for network path troubleshooting. This utility shows the routed path a packet of data takes from source to destination. You can use it to determine whether routing is working as expected or whether there is a route failure in the path. The other answers were all incorrect as they do not provide network path data.

Chapter 10

265
Q

The backend fleet of web servers is intermittently failing load balancer health checks and dropping out of the pool. You are involved in troubleshooting and begin your investigation by making sure the web application is operational. What approach are you undertaking?

A.  Top down
B.  Bottom up
C.  Divide and conquer
D.  Evaluation
E.  Validation
A

Top down

The top-down approach references the OSI model; it starts at the application layer and works downward until the problem is identified. The application is checked first, and if that is operational, you continue to work down the network stack until you identify the problem.

Chapter 10

266
Q

Your web servers have lost communications to the SQL backend database on your e-commerce public website. You have been brought in to assist in resolving the problem. After reviewing the log files and the monitoring system, you suspect it may be a network related issue. You devise a series of tests that start with checking the server’s connection to the database. What troubleshooting approach are you implementing?

A.  Top down
B.  Bottom up
C.  Divide and conquer
D.  Evaluation
E.  Validation
A

Bottom up

The bottom-up approach starts at the lowest level of the OSI model with the physical network connections, such as cabling, and works upward by investigating VLANs, IP addressing, and so on, until the issue is located.

Chapter 10

267
Q

A middleware application running in the cloud is reporting session drops in its log files. You need to quickly resolve the issue and get the server back online. You decide to run ping and traceroute tests on the server as your first line of troubleshooting. What approach are you using?

A.  Top down
B.  Bottom up
C.  Divide and conquer
D.  Evaluation
E.  Validation
A

Divide and conquer

The divide-and-conquer troubleshooting approach starts in the middle of the OSI network stack and, depending on the result, directs future tests. In this case the troubleshooter began at the network layer, which is in the middle of the OSI model. This is the divide-and-conquer approach.

Chapter 10

268
Q

What are common troubleshooting steps? (Choose all that apply.)

A.  Gather information
B.  Distill the issue
C.  Research
D.  Create a plan of action
E.  Test and verify
A
Gather information
Distill the issue
Research
Create a plan of action 
Test and verify

All of the answers given are common troubleshooting steps.

Chapter 10

269
Q

Your cloud provider’s data center is in an industrial park with no company signage, extensive video cameras in the parking lot, and biometrics at the guard shack. What type of security is the provider implementing?

A. Building
B. Device
C. Infrastructure
D. Tunneling

A

Infrastructure

Infrastructure security is the hardening of the facility and includes the steps outlined in the question including nondescript facilities, video surveillance, and biometric access.

Chapter 10

270
Q

What AWS object acts like a firewall and is used to define inbound and outbound port and application protocol access to cloud services?

A. Security Group
B. WAF
C. Cloud Watch
D. Sentry

A

A. Security Group

Finals #49

271
Q

Which of the following delivers cloud-managed applications as well as the underlying platform and infrastructure support?

A. IaaS
B. SaaS
C. DaaS
D. PaaS

A

B. SaaS

Finals #1

272
Q

A software development company is building cloud-ready applications and needs to determine the best approach for releasing software. Which of the following approaches should be used?

A. Develop, test, perform QA, and release to production.

B. Perform QA, develop, test, and release to production.

C. Develop, perform QA, and release to production.

D. Test, perform QA, develop, and release to production.

A

A. Develop, test, perform QA, and release to production.

Finals #24

273
Q

Which of the following allows you to store current data at a remote location from the primary data center that can be brought online with a short recovery time and limited loss of data?

A. Synchronous replication
B. Volume sync
C. Remote mirroring
D. Asynchronous replication

A

A. Synchronous replication

Finals #26

274
Q

Rebekah has been tracking the performance metrics on a busy NoSQL database server that has heavy write operations of large files from the second-tier application servers. She is concerned that network utilization is approaching 100 percent of the available network bandwidth. What action should she take that will resolve the problem?

A. Update the network adapter’s firmware
B. Implement 802.1Q tagging
C. Install a second network adapter
D. Install a network co-processor ASIC

A

C. Install a second network adapter

Finals# 35

275
Q

Which of the following creates a shell or session with a remote system, offers strong authentication methods, and ensures that communications are secure over insecure channels?

A. SMTP
B. VPN
C. SSH
D. ARP

A

C. SSH

Finals# 44

276
Q

A solutions architect is designing an online shipping application running in a VPC on EC2 instances behind an ELB application load balancer. Each EC2 instance accesses a database on a private subnet. The architect wants to ensure zone failure fault tolerance of the EC2 instances. What must the architect do to ensure this?

A. Ensure the Internet Gateway has been configured for load balancing.

B. Ensure the EC2 instances are on separate subnets and each subnet is in a different availability zone.

C. Ensure that autoscaling has been implemented for each EC2 instance.

D. Ensure the EC2 instances and database servers are on different subnets.

A

B. Ensure the EC2 instances are on separate subnets and each subnet is in a different availability zone.

Finals# 46