Finals Flashcards

Question

Which of the following creates an identical copy of the data that may be a storage volume, a filesystem, or a logical unit number (LUN) on a storage area network (SAN)? A. Full backup B. Cloning C. Snapshot D. Replicate

Answer 1

B. Cloning Cloning creates an identical copy of the data that may be storage volume, a filesystem, or the logical unit number (LUN) on a storage area network (SAN). Answer A is incorrect. Full backups are generally performed on a routine backup schedule. Answer C is incorrect. A snapshot is a file-based image of the current state of a VM including the complete operating systems and all applications that are stored in ti. Answer D is incorrect. Replicas are backup copies of data that can be stored either locally or remotely that can act as alternative data stores from your main production operations. Chapter 5 page 168 (Week 4 #07)

Answer 2

C. Incremental Incremental backups are operations based on changes on the source data since the last incremental backup was performed. Answer A is incorrect. Full backups are generally performed on a routine backup schedule. Answer B is incorrect. Differential backups allow for an efficient and significantly smaller backup operations. Answer D is incorrect. Online backups offer an always available method to store and retrieve data. Chapter 5 page 169 (#10)

Answer 3

C. Process scheduling The process scheduling is the activity of the process manager that handles the removal of the running process and the selection of another process on the basis of a particular strategy. It is an essential part of Multiprogramming operating systems. Answer A is incorrect. Business continuity is defined set of planning and preparatory activities that are used during a serious incident or disaster to ensure that an organization's critical business functions will continue to operate or will be recovered to an operational state within a reasonably short period. Answer B is incorrect. Asynchronous replications works off a s store-and forward model and is a cost-effective protection and backup solution. With asynchronous replication, the data is first written to the the primary storage system in the primary storage facility or cloud location. Answer D is incorrect. Synchronous replication is the process of replicating data in real time from the primary storage system to a remote facility. It allows you to store current data at a remote location from the primary data center that can be brought online with a short recovery time and limited loss of data. Week 4 - Chapter 5 (#12)

Answer 4

C. Workflow Workflow automation defines a structured process for a series of actions that should be taken to complete a process. With a cloud-based workflow services, special workflow applications are offered as a managed service that creates a defined sequence of events, or workflow, with each procedure tracked and passed to the next process in the workflow. Answer A is incorrect. Network Time Protocol (NTP) allows all devices to synchronize to a central clock or time service. Answer B is incorrect. Application programming interface (API) defines how software components interact with each other. Answer D is incorrect. Orchestration automates the provisioning of cloud services and often includes a self-service dashboard which allows the consumer to manage and deploy cloud services with a web browser. Chapter 5 page 163 (Week 4 #13)

Answer 5

A. DNS B. DHCP D. FTP The network disaster recovery services that need to be addressed are DNS (Domain Name Services), DHCP (Dynamic Host Configuration Protocol), FTP (File Transfer Protocol), Active Directory, RADIUS( Remote Authentication Dial-In User Services), and Terminal Access Controller Access-Control System (TACACS). These services are well suited for a multisite deployment that offers failover in case of an outage. Answer C is incorrect. Secure Shell (SSH) is an encrypted command-line interface utility used to access a remote device. Answer E is incorrect. Internet Protocol Security (IPsec) is a set of open, non-proprietary standards that can use to secure data as it travels across the network or the Internet through data authentication and encryption. Chapter 6 page 186 (Week4 #20)

Answer 6

C. Change management Change management includes recording the change, planning for the change, testing the documentation, getting approvals, evaluating and validating, writing instructions for backing out the change if needed, and doing a post-change review if desired. Answer A is incorrect. Mean time system recovery (MTSR) is the time for a resilient system to complete a recovery from a service failure. Answer B is incorrect. Patch management is the practice of monitoring, obtaining, evaluating, testing, and deploying service patches and updates. Answer D is incorrect. Trigger is the process of initiating an event report based on a metric value or threshold that is considered to be outside your baseline. Chapter 7 page 222 (Week5 #03)

Answer 7

B. It is recommended for non-critical applications that handle non-sensitive information. C. It is an application deployment model in a hybrid cloud setup. D. It is used to move out applications to the public cloud to free up local resources to run business applications. Here are the correct statements about cloud bursting: It is recommended for non-critical applications that handle non-sensitive information. It is an application deployment model in a hybrid cloud setup. It is used to move out applications to the public cloud to free up local resources to run business applications. Answer A is incorrect. One of the major limitations of cloud bursting is that the designated public cloud platform should be fully compatible with the private cloud to successfully run the bursting applications. Chapter 7 page 224 (Week5 #11)

Answer 8

D. Bursting Cloud bursting allows for adding capacity from another cloud service during times when additional resources are needed. Answer A is incorrect. Elasticity allows for cloud services to expand and contract based on actual usage and would be applicable to increasing storage capacity. Answer B is incorrect. Vertical-scaling adds resources such as CPU instances or more RAM. Answer C is incorrect. Auto-scaling is the automated process of adding and removing capacity. Chapter 7 page 224/225 (Week5 # 23)

Answer 9

D. DDoS Cloud bursting is a hybrid model which is designed to use public cloud processing during times of increased load. This is often an economical approach to accessing additional resources when required. It can alleviate distributed denial of service (DDoS) attacks. DDoS attack uses multiple computer on disparate networks to launch the attack from many simultaneous sources. Answer A is incorrect. Brute force is an attack which the attacker uses password-cracking software to attempt every possible alphanumeric password combination. Answer B is incorrect. Cross-site scripting (XSS) is a web application attack where the attacker takes advantage of scripting and input validation vulnerabilities in an interactive website to attack legitimate users. Answer C is incorrect. Buffer overflow is an application attack that exploits fixed data buffer sizes in a target piece of software by sending data that is too large for the buffer. Chapter 7 page (Week5 # 28)

Answer 10

D. Jitter Jitter is the variable delay between packets from source to destination. The excessive jitter will cause buffering and unpredictable performance for real time traffic such as voice and video networks. Answer A is incorrect. Latency is the time for a packet to travel from source to destination. Answer B is incorrect. Packet loss is the percentage or number of packets that are dropped in the network. Answer C is incorrect. Quality of Service (QoS) defines traffic priorities in the event of network congestion or impairments. Chapter 8 page 248 (Week 6 #03)

Answer 11

B. Install a second network adapter If a server is using all of its network bandwidth, then the most logical solution is to add more. You can do this by installing a second network adapter and connecting it to a different subnet. The other solutions could conceivably address the problem but the success is less likely. Chapter 8 (Week 6 #01)

Answer 12

D. Vertical scaling Vertical scaling is the process of upgrading or replacing a server with one that has greater capabilities. Answer A is incorrect. Horizontal scaling is the process of adding cloud capacity by expanding your current server fleet by adding systems. Answer B is incorrect. Elasticity is the ability to automatically and dynamically add additional resources such as storage, CPUs, memory, and servers in the cloud. Answer C is incorrect. Autoscaling is the dynamic process of adding and removing cloud capacity. Answer D is incorrect. Chapter 8 page 253 (Week 6 #02)

Answer 13

A. Horizontal scaling Horizontal scaling is the process of adding cloud capacity by expanding your current server fleet by adding systems, compared to vertical scaling, which is replacing servers with a larger instance that meets your new requirements. It works well for applications that are designed to work in parallel such as web servers. Answer B is incorrect. Elasticity is the ability to automatically and dynamically add additional resources such as storage, CPUs, memory, and servers in the cloud. Answer C is incorrect. Autoscaling is the dynamic process of adding and removing cloud capacity. Answer D is incorrect. Vertical scaling is the process of upgrading or replacing a server with one that has greater capabilities. Chapter 8 page 254 (Week 6 #04)

Answer 14

A. CPU C. RAM D. Network I/O Server performance can be increased by adding additional CPU processing, memory, and network capacity. SLA, ACL, and DNS are not related to increasing server capacity. Answer B is incorrect. A service-level agreement (SLA) outlines specific metrics and the minimum performance provided by the cloud provider. Answer E is incorrect. Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resources, which is associated with the Internet or a private network. Chapter 8 page (Week 6 #05)

Answer 15

Resource pooling Resource pooling is when the cloud service provider allocates resources into a group, or pool and then these pools are made available to a multitenant cloud environment Chapter 1 (page 16)

Answer 16

Virtualization Chapter 1

Answer 17

IaaS Chapter 1

Answer 18

Virtual switch Chapter 1

Answer 19

Hybrid Chapter 1

Answer 20

A. CPU C. RAM D. Network I/O Server performance can be increased by adding CPU processing, memory, and network capacity. Answers B, E, and F are incorrect. SLA, ACL, and DNS are not related to increasing server capacity. Chapter 2

Answer 21

C. Private A private cloud model is used by a single organization but it may be used by many units of a company. It can be wholly owned by the organization, a third-party provider, or a combination. It can also be hosted either on-site or off-premise at a hosting facility and is usually identified as using dedicated hardware rather than a shared hardware design. Answer A is incorrect. In a hybrid cloud, more than one cloud service is utilized. Answer B is incorrect. The public cloud is generally where the hyperscale data centers are, and massive scaling takes place. Answer D is incorrect. A community cloud is a cloud where users with common interests or requirements access shared resources. Chapter 2

Answer 22

C. VPN Virtual private network (VPN) allows for a secure encrypted connection over an insecure network such as the Internet. It is commonly used for encrypted access to cloud services from a remote location. It is also used to create business-to-business connections that use a public network and save the expense of a private dedicated circuit. Answer A is incorrect. Direct peering is used to establish a direct peering connection between the two parties. Answer B is incorrect. The intrusion detection system (IDS) alerts a management system or is configured to send out e-mails or text notifications if an attack is discovered. Answer D is incorrect. AES-256 is a storage encryption algorithm which is used to encrypt the data at rest and in transit. Answer E. is incorrect. The Remote Desktop Protocol (RDP) allows remote access to Windows devices. Microsoft calls the application Remote Desktop Services. Chapter 2

Answer 23

C. VPN Virtual private network (VPN) allows for a secure encrypted connection over an insecure network such as the Internet. It is commonly used for encrypted access to cloud services from a remote location. It is also used to create a business-to-business connections that use a public network and save the expense of a private dedicated circuit. Answer A is incorrect. Load balancing addresses the issues found when cloud workloads and connections increase to the point where a single server can no longer handle the workload or performance a requirements of web, DNS, FTP servers; firewalls, and other network services Answer B is incorrect. Automation allows for rapid response to security events and can stop an attempted breach in progress as well as record all events to forensic analysis of the event. Answer D is incorrect. A firewall is installed inline in a network so that all traffic must pass through it as it transits from one network to another. Chapter 2

Answer 24

Multifactor Multifactor or multilayer authentication adds an additional layer of authentication by adding token-based system in addition to the traditional username and password authentication. Chapter 2 (page 92)

Answer 25

P2V P2V (physical-to-virtual) migration means taking a server that is running an operating system and application and then migrating it to a VM running on top of a hypervisor. Chapter 2 (page 83)

Answer 26

Obfuscation Obfuscation is a technique used to increase the security of storage data by making it difficult to read legitimate data stored in files. Using obfuscation processes on storage systems makes it difficult for hackers or hijackers to make sense of the stored data because the data is so deeply buried (obfuscated) with random data that it is hard to determine what is actual data and what is not. Chapter 2 (page 79)

Answer 27

B. Disable the services that are not in use If an operating system originally loads with unneeded services such as printing, various networking services such as DHCP, and a web or FTP server enabled, they should be disabled so there is no longer any exposure for attacks on those entry points. Answer A is incorrect. Removing the services is not an appropriate solution for the given scenario. Answer C is incorrect. Antivirus software is an application that runs on a computer that can identify and remove viruses or malicious software from a system. Answer D is incorrect. Implementing host-based firewall security would not solve the problem. Chapter 3 page 114

Answer 28

B. HIPAA The Health Insurance Portability and Accountability Act defines the standard for protecting medical data. Answer A is incorrect. The Service Organization Controls 3 (SOC 3) reports are for public disclosure of financial controls and security reporting. Answer C is incorrect. The Motion Picture Society of America Act (MPAA) published a set of best practices for storing, processing, and delivering protected media and content securely over the Internet. Answer D is incorrect. The Internal Security Act allows for detention without trial or criminal charges under limited, legally defined circumstances. Chapter 3 page 107

Answer 29

B. Single sign-on You should use single sign-on (SSO), which is a session and user authentication service that permits a user to use one set of login credentials to access multiple applications. It authenticates the end user for all the applications the user has been given rights to and eliminates further prompts when the user switches applications during the same session. It is helpful for logging user activities as well as monitoring user accounts. Answer A is incorrect. Multifactor authentication is an access control technique that requires several pieces of information to be granted access. Answer C is incorrect. Role-based access control (RBAC) is a method in which access rights are granted to, or restricted from users based on which roles they perform in an organization. Answer D is incorrect. Mandatory access control (MAC) approach is often found in high-security environment where access to sensitive data needs to be tightly controlled. Chapter 3 page 122

Answer 30

Groups User groups are containers that rights are assigned to. They make management more effective and streamlined than managing a large number of individual user accounts. The trick is to create a group for each use case that is needed. For example, groups can be created for the following: sever, database, network, and storage administrators. Once the groups have been created, rights for the group that are required to access and manage objects are assigned to the group Chapter 3 page 117

Answer 31

HIPAA HIPAA is the Health Insurance Portability and Accountability Act. HIPAA defines the standard for protecting medical patient data. Companies that work with protected health information must ensure that all the required physical, network, and process security measures are in place and followed to meet HIPAA compliance requirements. Chapter 3 page 107

Answer 32

Security policy A security policy is a document that defines your company's cloud controls, organizational policies, responsibilities, and underlying technologies to secure you cloud deployment. Chapter 3 page 104

Answer 33

Intrusion prevention system Intrusion prevention system is more advanced than the IDS and can actively take measures to mitigate the attack with configuration scripts and methods to stop an attack that is underway. The IPS communicates with network devices such as routers and firewalls to apply rules to block the attack. Chapter 4 page 142

Answer 34

key fob and smartphones Hardware tokens are popular devices that allow you to access your authentication token; they are small devices that usually fit on a keychain and have a small screen that display a changing ID number. This ID token is usually valid for only a few minutes at most and needs to be typed into the authentication dialog box along with your username and password. Chapter 4 page 135

Answer 35

dashboard A common dashboard published by cloud companies shows the health of the operations in real time and is accessed using a web browser. One important use of alerting is for automation of troubleshooting, where a management application can alert an application to perform troubleshooting and problem resolution on the issue reported from the management application. Chapter 4 page 139

Answer 36

Host intrusion detection system Host-based intrusion detection systems (HIDS) perform the same security functions as network based systems but run exclusively on each host computer or hypervisor. With IaaS deployments, you will have full control over the operating systems and their configurations in your deployment. This gives you the ability to install your preferred HIDS applications. For PaaS and SaaS, host based intrusion detection and prevention systems will be the responsibility of your cloud service provider. Chapter 4 page 143

Answer 37

B. PaaS Platform as a Service (PaaS) is a cloud computing service that enables consumers to rent fully configured systems that are set up for specific purposes. It provides a platform allowing customers to develop, run, and manage applications without the complexity of building and maintaining the infrastructure typically associated with developing and launching an application. Answer A is incorrect. Desktop as a Service (DaaS) is a virtual PC desktop that is hosted in the cloud and accessed remotely by thin clients. Answer C is incorrect. Storage area network (SAN) is a specialized, high-speed network that provides block-level network access to storage. Answer D is incorrect. Communications as a Service (CaaS) includes cloud-hosted voice, video conferencing, instant messaging, e-mail, collaboration, and other. Chapter Week 5 #1

Answer 38

B. Variance Variance is the measurement of the spread between the baseline and measured result. Answer A is incorrect. mean time to repair (MTTR) is the time required to repair a damage hardware component. Answer C is incorrect. Trigger is the process of initiating an event report based on a metric value or threshold that is considered to be outside your baseline. Answer D is incorrect. Elasticity is the ability to automatically and dynamically add resources such as storage, CPUs, memory, servers, and network capacity. Chapter 7 page 217

Answer 39

A. Baseline A baseline is a record of a device's performance statistics under normal operating conditions. A network baseline documents the network's current performance level and provides a quantitative basis for identifying abnormal or unacceptable performance. It can also reveal where bottlenecks are impeding performance, and provide evidence for upgrading devices to improve performance. Answer B is incorrect. The SOC 2 report concerns a business's nonfinancial reporting controls for the availability, confidentiality, privacy, processing integrity, and security of a system. Answer C is incorrect. Benchmarking is taking sample performance metrics that need to be collected as part of the documentation process. Answer D is incorrect. A service-level agreement (SLA) outlines specific metrics and the minimum performance provided by the cloud provider. Chapter 7 page 217

Answer 40

D. SaaS Software as a Service (SaaS) is where the customer of the service accesses the application software that is owned and controlled by a cloud company, which has complete responsibility for the management and support of the application. It delivers cloud-manage application as well as the underlying platform and infrastructure support. Answer A is incorrect. Infrastructure as a Service (IaaS) offers computing hardware, storage, and networking but not the operating systems or applications. Answer B is incorrect. Platform as a Service (PaaS) is a cloud computing service that enables consumers to rent fully configured systems that are set up for specific purposes. Answer C is incorrect. Communication as a Service (CaaS) includes cloud-hosted voice, video conferencing, instant messaging, e-mail, collaboration, and other commutation services. Chapter 7 page 222

Answer 41

A. Vertical scaling B. Horizontal scaling D. Cloud bursting Cloud computing operates with a utility business model that charges you only for the resources you consume. This model enables you to scale your cloud fleet to meet its current workload and be able to add and remove capacity as needed. There are many options to use elasticity to scale cloud operations including vertical and horizontal scaling and cloud bursting. Answer C is incorrect. Variance is the measurement of the spread between the baseline and measured result. Answer E is incorrect. Trigger is the process of initiating and event report based on a metric value or threshold that is considered to be outside your baseline. Chapter 7

Answer 42

C. Elasticity Elasticity is the ability to automatically and dynamically add additional resources such as storage, CPUs, memory, and servers in the cloud. Answer A is incorrect. Autoscaling is the dynamic process of adding and removing cloud capacity. Answer B is incorrect. Variance is the measurement of the spread between the baseline and measured result. Answer D is incorrect. Trigger is the process of initiating an event report based on a metric value or threshold that is considered to be outside your baseline. Chapter 7 page 228

Answer 43

Differential A differential backup uses the latest full backup as a source data set, and with each additional sequential backup operation the differential backup will identify and back up only the data that has been modified since the last backup was performed. This allows for an efficient and significantly smaller backup operation. Chapter 5 (page 169)

Answer 44

Patch A patch is an update that fixes a known bug or issues. The patch is a piece of software that is intended to update an application, operating system, or any other software-based system to fix or improve its operations. Chapter 5 (page 162)

Answer 45

Clone Cloning creates an identical copy of the data that may be a storage volume, a filesystem, or a logical unit number (LUN) on a storage area network (SAN). Advantages of cloning include a complete image being available for restoration. Storage efficiency is very low as a clone takes as much storage space as the original source since all of the data is copied in the clone operation. Chapter 5 (page 168)

Answer 46

Snapshot Storage snapshot are a point-in-time copy of storage volume or image that can be used as a backup to shorten recovery time objectives (RTOs) and recovery point objectives (RPOs). The snapshot is a file-based image of the current state of a VM, including the complete operating systems and all applications that are stored on it. Chapter 5 (page 164)

Answer 47

Shutdowns and restarts The restart process can be monitored through the management systems and dashboards that are offered by the cloud provider. A shutdown may be desired if you choose to retain the VM and its applications but do not need it to be active. Chapter 5 (page 166)

Answer 48

A. PDF C. Excel Cloud providers are aware of policy reporting and offer services to assist you in collecting and presenting reports. These services are cloud-based and can be remarkably customizable. They are presented in a graphical format in a web browser dashboard. Also, the reports can be exported to Excel or PDF format. Answer B is incorrect. JavaScript Objection Notation (JSON) is a lightweight data-interchange format standard that is easily readable and for computing systems to parse and generate. Answer D is incorrect. Graphical user interface (GUI) is a graphical representation commonly used to create, configure, manage, and monitor cloud resources and services. Answer E is incorrect. Command-line interface (CLI) is a text-based interface tool used to configure, manage, and troubleshoot devices. Chapter 8 page 255

Answer 49

C. SLA The service level agreement (SLA) is a document that outlines specific metrics and the minimum performance or availability level and outlines the penalties for failing to meet the metrics. Answer A is incorrect. Quality of service (QoS) defines traffic priorities in the event of network congestion or impairments. Answer B is incorrect. The Remote Desktop Protocol (RDP) allows remote access to Window devices. Answer D is incorrect. A Virtual Private Cloud (VPC) is a hybrid model in which a private cloud solution is provided within a public cloud provider's infrastructure. Chapter 8 page 251

Answer 50

C. There is a time synchronization issue. In modern computer networks, time synchronization is critical because every aspect of managing, securing, planning, and debugging a network involves determining when events happen. Without synchronized time, accurately correlating log files between these devices is difficult, even impossible. The Network Time Protocol (NTP) is an Internet protocol that synchronizes the clock times of devices in a network by exchanging time signals. It works on the Application layer (Layer 7) on the OSI model and the Application layer of the TCP/IP model. It runs continuously in the background on a a device, NTP sends periodic time requests to servers to obtain the server time stamp and then adjusts the client's clock based on the server time stamp received. Chapter 9 page 272

Answer 51

C. There is an application compatibility issue. Roll back the previous working backup. With so many components and with each service in the cloud being driven by software automation, it is inevitable that there are going to be software compatibility issues. One moment everything is working fine, and then after the overnight changes, nothing seems to work. This can often be trace to incompatibility between orchestration or automation tools and the systems they are intended to communicate with. A rollback is the process of returning software to a previous state. If a software update failed, did not correct the issue as expected, or introduced new issues that require you to downgrade the system to its original state, then a rollback should be performed. Chapter 9 page 278

Answer 52

A. RAM B. CPU Resources such as the amount of RAM needed, CPU cycles, and storage capacity are common systems that may become saturated as your cloud compute requirements grow. Answers C and D are incorrect. Power and PaaS are the cloud resources that are not fully utilized over time. Chapter 9

Answer 53

A. Orchestration Orchestration is a process which automates tasks based upon the specific thresholds or events. Orchestration platforms provide an automated technique for managing the cloud or computing environment. It also helps an IT department to meet the typical business requirements through provisions, automated workflows, and change management features. Answer B is incorrect. Thin provisioning is used to allow a virtual disk for allocating and committing storage space on demand. Answer C is incorrect. Thick provisioning allows you to allocate or reserve storage space while initially provisioning the virtual disk. The allocated storage space for the thick-provisioned virtual disk is guaranteed. This operation ensures that there re no failures because of lack of storage space. Answer D is incorrect. The ability to identify who a user is, usually during the login process, is called authentication. Chapter Week 6 # 27

Answer 54

B. IaaS Infrastructure as a Service (IaaS) is a cloud computing service that enables a consumer to outsource computing equipment purchases and running their own data center. It is an arrangement in which, rather than purchasing equipment and running your own data center, you rent those resources as an outsourced service. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications; and possibly limited control of select networking components. Answer A is incorrect. Network as a Service (NaaS) provides network-based services through the cloud, including monitoring and Quality of Service (QoS) management. Answer C is incorrect. Software as a Service (SaaS) enables a service provider to make application available over the Internet. It eliminates the need to install software on user devices, and it can be helpful for mobile or transient workforces. Answer D is incorrect. Identity as a Service (IDaaS) is an authentication infrastructure which provides single sign-on capabilities for the cloud. Chapter 1

Answer 55

B. PaaS Platform as a Service (PaaS) is a cloud computing service that enables consumers to rent fully configured systems that are set up for specific purposes. It provides a platform allowing customers to develop, run, and manage applications without the complexity of building and maintaining the infrastructure typically associated with developing and launching an application. Answer A is incorrect. Communication as a Service (CaaS) is an outsourced enterprise communication solution that can be leased from a single vendor. Answer C is incorrect. Network as a Service (NaaS) provides network-based services through the cloud, including monitoring and Quality of Service (QoS) management. Answer D is incorrect. Desktop as a Service (DaaS) is a virtual PC desktop that is hosted in the cloud and accessed remotely by thin clients. Chapter 1

Answer 56

D. Community A community cloud is where multiple organization from a specific community with common interests share the cloud infrastructure. Examples may be community cloud sites deployed for medical, financial, or e-commerce sites that all share common use case architectures. Answer A is incorrect. In a hybrid cloud, more than once cloud service is utilized. Answer B is incorrect. The public cloud is generally where the hyperscale data centers are, and massive scaling takes place. Answer C is incorrect. A private cloud is operated and reserved by a single organization. Chapter 1

Answer 57

B. Baselines Baselines collect data and provide trend analysis and capacity utilization information measured over time to determine average or expected metrics of a service in normal operation. Establishing baselines is helpful when you need to determine the size of the virtual machines required when migrating servers to the cloud. Answer A is incorrect. Vulnerability scanning is used to find objects in your cloud deployment that can be exploited or are potential security threats. Answer C is incorrect. Penetration testing is the process of testing you cloud access to determine whether there is any vulnerability that can attacker could exploit. Answer D is incorrect. Load testing determines how your applications and cloud deployment can be expected to perform in times of heavy production usage. Chapter 1

Answer 58

Charge backs Chapter 1 (page 255)

Answer 59

On-demand On-demand cloud services allow the cloud customer to access a self-service portal and instantly create additional servers, storage, processing power, or any other services as required. Chapter 1 (page 26)

Answer 60

B. 2:1 According to the questing this would be a 2:1 over commitment. The concept of overcommitting is based on the assumption that not all servers will use the memory assigned to them. This unused memory is dynamically allocated to the other VMs that require additional RAM for operations. Answers A, C, and D are incorrect. These are not the correct over commitment ration according to the question. Chapter 2 (page 65)

Answer 61

C. Metadata Metadata is a part of a file or sector header in a storage system that is used to identify the content of the data. It is used in big data applications to index and search data inside the file. Answer A is incorrect. Object ID is a pointer to a stored piece of data and is a globally unique identifier for the stored data. Answer B is incorrect. Extended metadata includes a long list of data that can be attached to a data file. Answer D is incorrect. Thick provisioning is the allocation of all the requested virtual storage capacity at the time the disk is created. Chapter 2 page 69

Answer 62

Tiering Data can have different requirements, such as how critical it is, how often it needs to be accessed, geographical placement or encryption, and security requirements. Different storage tiers can be defined and assigned to best meet the levels of storage the cloud customer may require. Chapter 2 (page 72)

Answer 63

Block Block storage offers a high utilization rate. Chapter 2

Answer 64

DMZ Demilitarized zone (DMZ) is a section of the network that often hosts systems and servers that need to be accessed by the outside world via the Internet as well as internally. The DMZ is a special network security zone that exposes a cloud's computers to the the Internet. A DMZ will be created and configured on a firewall as a network hosting applications, such as mail, DNS, FTP, or webservers that should not be placed on the internal network but also should not be exposed directly to the Internet without security protection. Chapter 2 page 50

Answer 65

D. SAN A storage area network (SAN) is a high-speed data transfer network that provides access to consolidated block-level storage. It moves storage resources off the network and reorganizes them into an independent, high-performance network. It is a high-speed network dedicated to storage transfers across a shared network. Answer A is incorrect. RAID 5 has parity information that is striped across multiple drives that allows the drive array to be rebuilt if a single drive in the array fails. Answer B is incorrect. Zoning is a SAN network security process that restricts storage access between initiators and targets. Answer C is incorrect. Virtual Machine File System (VMFS) facilitates storage virtualization for multiple installations of VMware ESX Server. Answer E is incorrect. Direct-attached Storage (DAS) is computer storage that is connected to one computer and not accessible to other computers. Chapter 2

Answer 66

C. WAF A web application firewall (WAF) is a firewall that is deployed to secure an organization's web applications and other application-based infrastructure from attackers. It monitors, filters or blocks data packets as they travel to and from a Web application. It can be either network-based, host-based or cloud-based and is often deployed through a proxy and placed in front of one or more Web applications. Answer A is incorrect. A demilitarized zone (DMZ) is established in order to permit the outside Internet to access public information of the enterprise network. Answer B is incorrect. Secure shell (SSH) is a program that enables a user or an application to log on to another computer over a network, execute commands, and manage files. Answer D is incorrect. An intrusion detection system (IDS) is used to detect possible malicious incursions into a network to monitor and audit suspected and known attack signature and behavior. Chapter 3/4 Week 3 #30

Answer 67

B. VSAN D. LUN Masking Virtual storage area network (VSAN) is implemented at the SAN level and LUN masking is configured on storage controllers, and they are low-level storage access methods. Answer A is incorrect. Access control list (ACL) is a set of data (usernames, passwords, time and date, IP address, MAC address, and so on) used to control access to a resource, such as a device, file, or network. Answer C is incorrect. Public key infrastructure (PKI) is a standardized set of roles, policies, and procedures used to create, manage, distribute, use, store, and revoke digital certificates and manage public/ private key encryption. Chapter 3 page 118

Answer 68

B. Mandatory The mandatory access control approach is often found in high-security environments where access to sensitive data needs to be highly controlled. Using mandatory access control approach, a user will authenticate, or log into a system. Based on the user's identity and security levels of the individual, access rights will be determined by comparing the data against the security properties of the system being accessed. Answer A is incorrect. Discretionary access control is different from mandatory access control by giving users the ability to grant or assign rights to objects and make decisions for themselves as compared to the centrally controlled method used by the mandatory access controls. Answer C is incorrect. Role-based access control (RBAC) is a method in which access rights are granted to or restricted from, users based on which roles they perform in an organizations. Answer D is incorrect. Nondiscretionary access control defines a set of rules to allow or deny access to an object, system or services in the cloud. Chapter 3 page 120

Answer 69

A. Corrective Corrective security control is a security measure that controls attempt to get the system back to normal. This is intended to limit the extend of any damage caused by the incident by recovering the organization to normal working status as efficiently as possible. It includes restoring operating system or data from a recent backup, updating an outdated antivirus and installing a fix. Answer B is incorrect. Detective security control is a security measure that helps to detect any malicious activities. It does not stop or mitigate intrusion attempts; it only identifies and report them. Answer C is incorrect. Preventive security control is a security measure that prevents a malicious action from occurring by blocking or stopping someone or something from doing or causing so. Answer D is incorrect. Physical security control is a security measure that restricts, detects, and monitors access to specific physical areas or assets. Chapter 3/4 Week 3 #29

Answer 70

C. FIPS 140-2 FIPS 140-2 is a National Institute of Standards and Technology (NIST) publication that coordinates the requirements and standards for cryptography modules. Cryptographic systems can be either hardware or software created in the public sector and are registered in FIPS-140-2 as approved for U.S. government use. Answer A is incorrect. The Federal Information Security Management Act (FISMA) outlines the framework to protect federal government information, operations, and facilities. Answer B is incorrect. The Federal Risk and Authorization Management Program (FedRAMP) outlines the standards for security assessments, authorization and continuous monitoring for cloud products and services. Answer D is incorrect. The Payment Card Industry Data Security Standard (PCI-DSS) sets the requirements to guarantee that companies that process, store, or transmit credit card information offer secure processing and handling of credit card data. Chapter 3 page 106

Answer 71

Disable the services One of the basic tenets of securing a network is that if you do not need it, turn it off. When you install a new operating system, many applications' services that you never use may be enabled and running an may expose your system to malicious attack. To harden the system, you must determine which ports and services are running on the machine and investigate whether they are required for the server's purpose. If the service provides no use or value, it should be shut down to make the server as secure as possible. Chapter 3 page 114

Answer 72

Automation Automation is the glue that makes all the cloud economics and operations possible. By implementing a well-defined agreed-upon set of software interfaces that allow devices to intercommunicate with each other, the magic of cloud computing can happen. Chapter 4 page 137

Answer 73

Application programmable interface An application programming interface (API) is defined means to programmatically access, control, and configure a device between different and discrete software components. The API defines how software components interact with each other. APIs provide the means to enable automation of the complete stack from physical devices to the applications and everything in between. Without APIs, there can be no automation! Chapter 4 page 138

Answer 74

Ephemeral If the virtual machine is deleted of stopped, a nondurable storage will be lost. Sometimes referred to as ephemeral volumes in that it gets deleted when the associated VM goes away. Chapter 4 page 133

Answer 75

C. DHCP Dynamic Host Configuration Protocol (DHCP) is a networking protocol that provides the dynamic mapping and assignments of logical Layer 3 IP addresses of a network device to the physical Layer 2 MAC address of a network device. It provides automatic assignment of IP addresses and other TCP/IP configuration information. DHCP uses port 68 as the default port. Answer A is incorrect. Network Address Translation (NAT) allows the use of a private IP address network for internal use and mapping it to a single public IP address connected to the Internet. Answer B is incorrect. Domain Name System (DNS) is the primary name resolution service on the Internet and private IP networks. It is a hierarchical system of databases that map computer names to their associated IP addresses. A DNS name is composed of three parts: a computer name, a domain name, and a top-level domain name. Answer D is incorrect. Internet Protocol Security (IPsec) is used to secure data as it travels across the network or the Internet through data authentication and encryption. Chapter 3/4 Week 3 #27

Answer 76

B. Patch A patch is a piece of software that is intended to update an application, operating system, or any other software-based system to fix or improve its operations. Answer A is incorrect. A rollout is a patch deployment process of replacing a software product with a newer version of the same product. Answer C is incorrect. A hotfix is a software update type that is intended to fix an immediate and specific problem. Answer D is incorrect. A version update is the process of replacing a software product with a newer version of the same product. Chapter 5 page 162

Answer 77

A. Chef C. Ansible E. Puppet Answers A, C, E are correct. Common patch management offerings such as Chef, Puppet, Openstack, and Ansible are examples for automation packages that offer patching services. Answers B, D, and F are incorrect. Cloud-patch, DevOps, and cloud deploy oar not used for patch management. Chapter 5 page 165

Answer 78

A. Hotfix A hotfix is a software update type that is intended to fix an immediate and specific problem. Answer B is incorrect. A patch is a piece of software that is intended to update an application, operating system, or any other software-based system to fix or improve its operations. Answer C is incorrect. A version update is the process of replacing a software product with a newer version of the same product. Answer D is incorrect. A rollout is a patch deployment process, and both automation and orchestration systems are used to install the patch. Chapter 5 page 162

Answer 79

C. Clone Cloning takes the master image and clones it to be used as another separate and independent VM. Important components of a server are changed to prevent address conflicts; these include the UUID and MAC addresses of the cloned server. Answer A is incorrect. Full backups are generally performed on a routine backup schedule. Answer B is incorrect. A snapshot is a file-based image of the current state of a VM including the complete operating systems and all applications that are stored on it. Answer D is incorrect. Replicas are backup copies of data that can be stored either locally or remotely that can act as alternative data stores from your main production operations. Chapter 5 page 168

Answer 80

Orchestration Orchestration systems play a critical role in cloud operations that goes beyond just security to many other tasks such as the day-to-day maintenance of operations. Orchestration systems coordinate and process tasks, functions, and workflows of cloud operations without the need for human intervention. Orchestration is often described a a service-oriented architecture, automated provisioning, converged infrastructure, or dynamic data center. Chapter 5 page 164

Answer 81

Cluster A cluster is a group of servers operating in tandem that often appear as a single larger system. Clusters can be managed as a single larger system instead of many small servers grouped together. This allows for central point of management that simplifies operation. You can mange a cluster as a complete system and not be concerned with all of the individual system. The devices in the cluster work together to support a high availability platform for applications and services. If a node in a cluster fail, other nodes would pick up the operations and continue without downtime. Chapter 5 page 160

Answer 82

B. RTO C. RPO The restore point and restore time objectives are the measurements for the amount of data lost and time needed to get back online after an outage. Answer A is incorrect. The regional support office (RSO) is a regional or national center of expertise that is set up within an existing entity. Answer D is incorrect. Disaster recovery (DR) is an area of security planning that aims to protect an organization from the effects of significant negative events. Answer E is incorrect. VxRestore command is used to restore files previously copied to a tape. Chapter 6 page 184

Answer 83

B. Warm site A warm site approach to recovering from a primary data center outage is when the remote backup of the site is offline except for critical data storage, which is usually a database. Answer A is incorrect. A hot site is a fully functional backup site that can assume operations immediately should the primary location fail or go offline. Answer C is incorrect. A cold site is a backup data center provisioned to take over operations in the event of a primary center failure, but the servers and infrastructure are not deployed or operational until needed. Answer D is incorrect. An Active/passive configuration provides the ability to deal with either planned or unplanned service outages. Chapter 6 page 167

Answer 84

C. Cloud customer Ultimately the responsibility for data in the cloud belongs to the organization that owns the data. Answer A is incorrect. Cloud providers are responsible for the core network in their facilities which include the connections to the Internet and high-speed fiber links that interconnect cloud zones and regions. Answer B is incorrect. Compliance agency is responsible for conforming to a rule, such as specification, policy, standard or law. Answer D is incorrect. The shared responsibility model outlines what services and portions of the cloud operations that cloud consumer and provider are responsible for. Chapter 6

Answer 85

C. Disable the accounts The ability to disable an account can be helpful in situations where the account will need to be re-activated at a future date and does not need to be deleted. Answers A, B,D, E and F are incorrect. The other options cannot be helpful in situations where the account will need to be reactivated at a future date and does not need to be deleted. Chapter 6 page 199

Answer 86

B. Edge location Edge location are not complete cloud data centers. There are cloud connection points located in major cities and offer local caching of data for reduced response times. Answer A is incorrect. A region is not a monolithic data center but rather a geographical area or presence. Answer C is incorrect. The actual data centers in ear region are referred to as availability zones. Answer D is incorrect. Replication is the transfer and synchronization of data between multiple data centers. Chapter 6 page 194

Answer 87

Archive Data archiving moves inactive data, or data that is no longer being used, to a separate storage facility for a long-term storage. Chapter 6 page 191

Answer 88

Orphaned resources Orphaned resources are cloud-based services that are left over when a service terminates and are no longer needed or used. When you enable cloud-based resources such as a servers, storage arrays, load balancers, content distribution, DNS, databases, or any other offerings, you may find it to be a challenge to monitor and manage all of these resources. When a service is no longer being used or was enabled for a short period of time, it is all too frequently the case that the service do not get terminated properly and remain active and chargeable even if they are not being used. Chapter 6 page 200

Answer 89

D. Variance Variance is referred to as the measurement of the difference between the current reading and the baseline value. Answer A is incorrect. Baseline is used in capacity planning to determine whether additional cloud capacity is required based on usage and consumption information collected over time. The establishment of average usage over time is the data that gets collected for a baseline report. Answer B is incorrect. A metric is a standard of measurement that defines the conditions and the rules for performing a measurement and for understanding the results of the measurement. Answer C is incorrect. Smoothing is used to smooth out isolated events or short-term variations. Chapter 7 page 217

Answer 90

D. Baseline A baseline measurement is used as a reference to determine cloud capacity increases and decreases. Answer A is incorrect. Orchestration systems enable large-scale cloud deployments by automating operations. Answer B is incorrect. Automation allows for rapid response to security events and can stop an attempted breach in progress as well as record all events to forensic analysis of the event. Answer C is incorrect. The NTP (Network Time Protocol) allows all devices to synchronize to a central clock or time service. Answer E is incorrect. The API (application programming interface) is a defined means to programmatically access, control, and configure a device between different and discrete software components. Chapter 7 page 217

Answer 91

Change management Change management is the process of managing all aspects of the ongoing changes, upgrades, repairs, and reconfigurations. Change management involves planning and managing changes to minimize any disruptions of services. Chapter 7 page 222

Answer 92

Elasticity The ability to automatically and dynamically add resources such as storage, CPUs, memory, and even servers is referred to as elasticity. The done "on the fly" as needed and is different from provisioning servers with added resources that may be required in the future. Chapter 7 page 228

Answer 93

False Vertical scaling or scaling up will add resources such as CPU instances or more RAM. Many applications, such as databases will perform better after a system has been scaled vertically. For example, a system that is CPU bound will perform better when scaling up with additional CPU cores. The same is true with applications that benefit from more RAM or higher Local Area Network (LAN) throughput. Chapter 7 page 225

Answer 94

C. Baseline The establishment of average usage over time is the data that gets collected for a baseline report. Answer A is incorrect. A metric is a standard or measurement that defines the conditions and the rules for performing a measurement and for understanding the results of the measurement. Answer B is incorrect. Variance is referred to as the measurement of the difference between a current reading and the baseline value. Answer D is incorrect. Smoothing is used to smooth out isolated events or short-term variations. Chapter 7 page 217

Answer 95

B. Federation Federation or federated identity, is the means by which a person's electronic identity and attributes are linked across multiple distinct identity management systems. SSO (single-sign on) is an example of federation. Answer A is incorrect. A PKI (public key infrastructure) is a cryptographic technique that enables users to securely communicate on an insecure public network. Answer C is incorrect. Obfuscation refers to method used to semantically preserve transformation of a data payload into such a form that hides extraction of information from the data. Answer D is incorrect. Multifactor authentication, also knows as two-factor authentication, is an attempt to maximize security and minimize unauthorized access. Chapter 7 page 231

Answer 96

C. Implement a network ACL A network access control list (ACL) is an optional layer of security for your virtual private cloud that acts as a firewall for controlling traffic in and out of one or more subnets. It contains a numbered list of rules that we evaluate in order, starting with the lowest numbered rule, to determine whether traffic is allowed in or out of any subnet associated with the network ACL. Answer A is incorrect. A host bust adapter (HBA) is an adapter that provides input/output (I/O) processing and physical connectivity between a server and a storage device. Answer B is incorrect. A virtual private network (VPN) is a private communication network transmitted across a public network connection such as the Internet. It is a secured network connection made over an insecure network. Answer D is incorrect. Content filtering is a method of setting limits on user browser sessions. It can be based on location, time, and user privileges. With this option, administrators have the flexibility to whitelist and blacklist websites and applications so that employees are limited to browsing trusted websites. Chapter 7 page 232

Answer 97

C. Configure security groups A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. When you launch an instance in a virtual private cloud, you can assign up to five security groups to the instance. Security groups act as the instance level, not the subnet level. Therefore, each instance in a subnet in the virtual private cloud can be assigned to a different set of security groups. Answer A is incorrect. A host-based intrusion prevention system (HIPS) is a type of IPS that monitors a computer system for unexpected behavior or drastic change to the system's state and reacts in real time to block it. Answer B is incorrect. An intrusion detection system (IDS) is used to detect possible malicious incursions into a network to monitor and audit suspected and known attack signatures and behavior. It scans, audits, and monitors the security infrastructure for signs of attacks in progress and automates the intrusion detection process. Answer D is incorrect. A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. Chapter 7 page

Answer 98

Templates Templates are software representations of network system. By using these templates, you can deploy complete cloud systems at a single time. This allows you to implement "one-click provisioning" instead of deploying and configuring individual cloud objects. Chapter 9 page 272

Answer 99

Storage Chapter 9

Answer 100

NTP The Network Time Protocol (NTP) allows all devices to synchronize to a central clock or times service. This ensures that all devices report the same times to allow for synchronization of logging information. It is important that you verify regularly that your cloud elements are synchronized with the NTP servers to prevent the drifting of device clocks. Chapter 9 page 272

Answer 101

C. Storage Databases read and write requests utilize storage I/O and should be the focus for troubleshooting. Answers A, B, and D are incorrect. Memory, CPU, and networking are not used to evaluate the baseline variances; therefore, they cannot be the focus for troubleshooting. Chapter 9

Answer 102

B. Default gateway C. DNS D. NTP In addition to the web servers, IP addresses may be required for the NTP and DNS services and the default gateway. Answers A, E, and F are incorrect. In addition to the web servers, IP addresses are not required for the SLA, API, and SNMP. Chapter 9

Answer 103

D. Subnet mask The subnet mask determines the size of an IP network. It is a number assigned to each host for dividing the IP address into network and nod portions. This segregation makes TCP/IP routable. A subnet mask removes the node ID from the IP address, leaving just the network portion. Answer A is incorrect. A default gateway is the IP address of a router that routes remote traffic from the device's local subnet to remote subnets. Answer B is incorrect. A firewall monitors and control incoming and outgoing network traffic. It establishes a barrier between and internal and external network. Answer C is incorrect. A virtual private network (VPN) is a private communication network transmitted across a public, typically insecure, network connection. Chapter 9 page 274

Answer 104

C. Change management The change management process would need to be modified to prevent one change from affecting another that is taking place simultaneously. It requires a written plan that includes all contingencies as well as participating in change review meetings to discuss upcoming changes. Answer A is incorrect. Orchestration automates the provisioning of cloud services and often includes a self-service dashboard which allows the consumer to manage and deploy cloud services with a web browser. Answer B is incorrect. Patch management is the practice of monitoring, obtaining, evaluating, testing, and deploying software patches and updates. Answer D is incorrect. Application programming interface (API) defines how software components interact with each other. Chapter 9 page 277

Answer 105

Network I/O Chapter 8

Answer 106

dashboard Cloud dashboards are incredibly useful and informative. It is common to display dashboard in operations centers or overhead in office environments to give an easy-to-read overview of operations. Chapter 8 page 256

Answer 107

A. Adding memory to a host B. Adding more disks D. Adding more CPU cores Adding memory to a host, adding more disk, and adding more CPU cores are examples of vertical scaling. Vertical scaling is the process of vertical growth; everything is grown bigger and faster, or simply more of something is added. Answer C is incorrect. Increasing number of servers is an example of horizontal growth. Horizontal scaling is sideways growth, so instead of creating faster and stronger infrastructure points, you're adding more infrastructure points. Chapter 8 page 253

Answer 108

A. CPU D. RAM E. Network CPU, RAM, and network utilization are all important objects to manage for capacity and utilization tracking. Answers B and C are incorrect. Storage volume tiers and OS versions do not apply to this scenario. Chapter 8 page 248

Answer 109

objects Chapter 8 (page 245)

Answer 110

Service level agreement (SLA) By collecting actual data you can compare it to the offered service levels outline in the SLA and ensure that the guaranteed metrics are being met. Chapter 8 page 251

Answer 111

D. Cloud management and monitoring application Cloud reports are formatted collection of data contained in the management or monitoring applications. Answer A is incorrect. A hypervisor pools the resources and make them available to the virtual machines for consumption. Answer B is incorrect. Databases are the collection of information that can be easily accessed, managed, and updated. Answer C is incorrect. Logging servers is a log file that is automatically created and maintained by a server consisting of a list of activities it performed. Chapter 8

Answer 112

C. Elasticity Elasticity is the ability to automatically and dynamically add additional resources such as storage, CPUs, memory, and servers in the cloud. It allows for cloud consumers to automatically scale up as their workload increases and then have the cloud remove the services after the workload subsides. Answer A is incorrect. Autoscaling is the dynamic process of adding and removing cloud capacity. Answer B is incorrect. Variance is the measurement of the spread between the baseline and measured result. Answer D is incorrect. Trigger is the process of initiating and event report based on a metric value or threshold that is considered to be outside your baseline. Chapter 8 page 256

Answer 113

B. Baseline After performing a major system upgrade, you should collect new baseline data as the overall system performance has changed. A baseline is a record of a device's performance statistics under normal operating conditions. A network baseline documents the network's current performance level and provides a quantitative basis for identifying abnormal or unacceptable performance. It can also reveal where bottlenecks are impeding performance, and provide evidence for upgrading devices to improve performance. Answer A is incorrect. The SOC 2 report concerns business's nonfinancial reporting controls for the availability, confidentiality, privacy, processing integrity, and security of a system. Answer C is incorrect. Benchmarking is taking sample performance metrics that need to be collected as part of the documentation process. Answer D is incorrect. A service-level agreement (SLA) outlines specific metrics and the minimum performance provided by the cloud provider. Chapter 8 page250

Answer 114

C. Elasticity Cloud automation systems offer the ability to dynamically add and remove resources as needed; this is referred to as elasticity. Answer A is incorrect. Cloud bursting is a hybrid model that is most commonly found in private cloud deployments that are designed to use pubic cloud processing during times of increased load. Answer B is incorrect. Resource pooling is when the cloud service provider allocates resources into a group, or pool, and then these pools are made available to a multitenant cloud environment. Answer D is incorrect. Orchestration platforms automate the provisioning of cloud services and often include a self-service dashboard that allows the consumer to manage and deploy cloud services with a web browser. Chapter 1

Answer 115

C. Resource pooling Resource pooling is a term used in cloud computing environment where the cloud service provider allocates resources into a group, or pool, and then these pools are made available to a multitenant cloud environment. The resources are then dynamically allocated and reallocated as the demand requires. Resource pooling hides the physical hardware from the virtual machines and allows for many tenants to share resources such as storage, processors, RAM, and networks to allow for the economies of cloud computing. Answer A is incorrect. In on-demand virtualization, resources are provided on an as-needed and when-needed basis. Answer B is incorrect. In dynamic scaling, a user must define how to scale in response to the changing demand. Answer D is incorrect. Elasticity is the ability to add and remove resources. Chapter 1 page 16

Answer 116

C. Shared responsibility The shared responsibility model outlines what services and portions of the cloud operations the cloud consumer and provider are responsible for. Answer A is incorrect. Availability zones are isolated locations within the cloud data center regions that the cloud service providers originate and operate. Answer B is incorrect. Community clouds are designed for a specific community of interest and shared by companies with similar requirements for business needs, regulatory compliance, security, or policy. Answer D is incorrect. Baselines are used to determine what is considered to be not normal operations. Chapter 1 page 33

Answer 117

D. On-demand On-demand cloud computing allows a cloud customer to dynamically add resources with the use of an online portal. Answer A is incorrect. Cloud bursting allows for adding capacity from another cloud service during times when additional resources are needed. Answer B is incorrect. Pay-as-you-grow cloud characteristic allows billing for only the services used. Answer C is incorrect. Multitenancy allows a cloud customer to share computing resources in a public or private cloud. Chapter 1 page 26

Answer 118

D. Objects Objects are queried to gather metric data. Answer A is incorrect. A database is the collection of information that can be easily accessed, managed, and updated. Answer B is incorrect. A server provides a service to another computer program. Answer C is incorrect. A hypervisor pools the resources and makes them available to the virtual machines for consumption. Chapter 1 page 16

Answer 119

C. SaaS Software as a Service (SaaS) is where the customer of the service accesses the application software that is owned and controlled by a cloud company, which has complete responsibility for the management and support of the application. It delivers cloud-managed applications as well as the underlying platform and infrastructure support. Answer A is incorrect. Storage area network (SAN) is a specialize, high-speed network that provides block-lever network access to storage. Answer B is incorrect. Desktop as a Service (DaaS) is a virtual PC desktop that is hosted in the cloud and accessed remotely by the thin clients. Answer D is incorrect. Communication as a Service (CaaS) includes cloud-hosted voice, video conferencing, instant messaging, e-mail, collaboration, and other communication services. Chapter 1 page 8

Answer 120

C. Access the cloud services portal and ensure memory ballooning is enabled. The memory ballooning is a hypervisor function that allows the hypervisor to reclaim unused memory from a VM running on top of the hypervisor and allocates the memory for other use. It is a memory management feature which is used in most virtualization platforms that allows a host system to artificially enlarge its pool of memory by taking advantage or reclaiming unused memory previously allocated to various virtual machines. Chapter 2 page 63

Answer 121

B. POP3 C. SMTP D. IMAP4 Post Office Protocol 3 (POP3), Simple Mail Transfer Protocol (SMTP), and Internet Message Access Protocol (IMAP4) are the messaging protocols. SMTP is used to send e-mail messages from client to server and to send and receive e-mail messages between servers. POP3 is used by client devices to retrieve e-mail from a remote email server using the TCP/IP protocol suite. IMAP4 is used to allow a client device to access email on a remote email server. Answer A is incorrect. Telecommunications Network (Telnet) is a terminal emulation protocol that enables users at one site to simulate a session on a remote host as if the terminal was directly attached. Chapter 2 page 57

Answer 122

B. Physical to virtual A physical-to-virtual (P2V) migration means taking a server that is running an operating system and application and then migrating it to a VM running on top of a hypervisor. A P2V migration requires reinstalling the operating system, application, and data files onto a new VM from scratch. Answer A is incorrect. A virtual-to-virtual (V2V) migration involves cloning the existing VM and installing that image at the cloud provider's hosting center. Answer C is incorrect. A virtual-to-physical (V2P) migration is done if more processing power is needed and can be provided if the server is hosted on its own server hardware. Answer D is incorrect. A physical-to-physical (P2P) migration requires conversation utilities to be run to perform the migration; these are often provided by the cloud provider or by third party software companies. Chapter 2 page 83

Answer 123

C. Change management Change management includes recording the change, planning for the change, testing the documentation, getting approvals, evaluating and validating, writing instructions for backing out the change if needed, and doing post-change review if desired. Answer A is incorrect. Cloud automation system offer the ability to dynamically add and remove resources as needed. Answer B is incorrect. Change advisory boards advise change teams on guidelines and priorities, assess the changes, and make sure that all order of operations is addressed. Answer D is incorrect. A rollout is a patch deployment process, and both automation and orchestration systems are used to install the patch. Chapter 2 page 48

Answer 124

B. P2V When migrating a server that is running on bare metal to a hypervisor-based system, you would be performing a physical-to -virtual migration. Answer A is incorrect. vMotion is an application that moves VMs between bare-metal servers. Answer C is incorrect. Private to public migration is referred to as a migration that takes place from private cloud to the public cloud. Answer D is incorrect. Virtual-to-virtual (V2V) migration is used to migrate a virtualized machine image to a different format. Answer E is incorrect. Synchronous replication is the process of replicating data in real time from the primary storage system to a remote facility. Chapter 2 page 83

Answer 125

D. V2V To migrate a virtualized machine image to a different format, you would need to perform a virtual-to-virtual (V2V) migration. Answer A is incorrect. Orchestration platforms automate the provisioning of cloud services and often include a self-service dashboard that allows the consumer to manage and deploy cloud services with a web browser. Answer B is incorrect. A physical-to-virtual (P2V) migration means taking a server that is running an operating system and application and then migrating it to a VM running on top of a hypervisor. Answer C is incorrect. A private to public migration is referred to as a migration that takes place from private cloud to the public cloud. Answer E is incorrect. Synchronous replication is the process of replicating data in real time from the primary storage system to a remote facility. Chapter 2 page 83

Answer 126

B. SSH C. HTTPS D. FTPS Hypertext Transport Protocol Secure (HTTPS), Secure Shell (SSH), and File Transfer Protocol Secure (FTPS) all provide encrypted transmission of data and, hence are considered secure network communication protocols. Answer A is incorrect. Domain Name System (DNS) is a hierarchical distributed naming system for computers or services connected to the Internet or a private network. Answer E is incorrect. Simple Mail Transfer Protocol (SMTP) is a protocol used for sending e-mail message between servers. Chapter 2 page 56

Answer 127

B. RAID 1 C. RAID 5 D. RAID 10 The server technician will select RAID 1, RAID 5, and RAID 10 to recover the losing data if the server's hard drive crash and provide fault tolerance to a database. RAID 1 is a type of RAID for standardizing and categorizing fault-tolerant disk systems by using disk mirroring. RAID 10 or RAID 1+0, combines two RAID level into one and uses RAID 1 and RAID 0 to provide both mirroring from level 1 and striping from level 0. RAID 5 spreads data byte to byte across multiple drives, with parity information also spread across multiple drives. Answer A is incorrect because RAID 0 provides no backup for hard drive failure, it merely improves performance. Chapter 2 page 76

Answer 128

A. iSCSI Internet Small Computer System Interface (iSCSI) is an IP-based storage networking standard for linking data storage facilities. It is used to facilitate data transfers over intranets and to manage storage over long distances by carrying SCSI commands over IP networks. Answer B is incorrect. Dynamic Host Configuration Protocol (DHCP) is a network service that provides automatic assignment of IP addresses and other TCP/IP configuration information on network systems hat are configures as DHCP clients. Answer C is incorrect. Direct-Attached Storage (DAS) refers to a digital storage system. it is directly attached to a single host computer or server without a network between the storage device and the server. Answer D is incorrect. Network Address Translation (NAT) allows the use of private IP address network for internal use and mapping it to a single public IP address connected to the Internet. Chapter 2

Answer 129

C. The administrator needs to update the version of the CLI tools. A command-line interface is a text-based interface tool used to configure, manage, and troubleshot devices. It allows devices to be automated through configuration scripts. Users who become familiar with the CLI interface of a device are proficient in extracting detailed and specific data and effective configurations much more quickly than is possible when using a web browser. Chapter 4 page 138

Answer 130

D. IDS Intrusion Detection System (IDS) is used to detect possible malicious incursions into a network to monitor and audit suspected and known attack signatures and behavior. It scans, audits, and monitors the security infrastructure for signs of attacks in progress and automates the intrusion detection process. Answer A is incorrect. Demilitarized Zone (DMZ) enables external clients access data on private systems, such as web servers, without compromising the security of the internal network as a whole. Answer B is incorrect. Wireless Personal Area Network (WPAN) is a network that connects devices in very close proximity but not through a wireless access point. Answer C is incorrect. Hypertext Transfer Protocol (HTTP) is a network protocol that works on the Application layer of the OSI and TCP/IP models and enables clients to connect to an retrieve web pages from a server to interact with websites. Chapter 4 page 142

Answer 131

C. Vendor Based Based on the information given, the description is for a vendor-based management application. Answer A is incorrect. CLI is a means of interacting with a computer program where a user issues commands to the program in the form of successive lines of text. Answer B is incorrect. GUI is used for screen scraping, automated testing, automated data entry, application integration, and content migration. Answer D is incorrect. API offers programmatic access control, and configuration of a device between different and discrete software components. Answer E is incorrect. RESTful is used to create a user account at a user's site. Chapter 4 page 138

Answer 132

C. Automation The automation of cloud deployments has been instrumental in the growth on on-demand cloud-based services. Answers A, B, and D are incorrect. The other options are widely implemented in cloud architectures but are not the best answer to the question given. Chapter 3/4 (Week 3 #22)

Answer 133

C. SOC 3 The SOC 3 report is for the public disclosure of financial controls and security reporting. Since the SOC 2 report can contain sensitive and technical information, the SOC 3 report was created to offer a diluted, marketing-oriented, or nontechnical summary of the SOC 2 report. Answer A is incorrect. The SOC 1 report outlines the internal controls of financial reporting operations. Answer B is incorrect. The SOC 2 report concerns a business's nonfinancial reporting controls for the availability, confidentiality, privacy, processing integrity, and security of a system. Answer D is incorrect. The Federal Information Security Management Act (FISMA) outlines the framework to protect federal government information, operations, and facilities. Chapter 3 page 106 (Week3 #11)

Answer 134

C. IPsec IPsec implementations are found in routers and firewalls with VPN services to provide a secure connection over an insecure network such as the Internet and are standard based to allow for interoperability. Answer A is incorrect. AES is the Advanced Encryption Standard which is a symmetrical block cipher that has options to use three lengths, including 128, 192, and 256 bits. Answer B is incorrect. SOC 3 (Service Organization Controls 3) reports are for public disclosure of financial controls and security reporting. Answer D is incorrect. RC5 (Rivest Cipher 5) is the replacement for RC4. It is also a symmetrical block cipher algorithm that uses a variable-length key. Chapter 3 page 108 (Week 3 #12)

Answer 135

B. RMF The Risk Management Framework (RMF) is a United States federal government policy and standards to help secure information systems (computers and networks) developed by the National Institute of Standards and Technology (NIST). Answer A is incorrect. The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessments, authorization, and continuous monitoring for cloud products and services. Answer C is incorrect. Federal Information Security Management Act (FISMA) is a US federal law that outlines the framework to protect federal government information, operations, and facilities. Answer D is incorrect. Department of Defense (DoD) rule outsources commercial interconnections to the DoD and other systems. Chapter 3 (Week 3 #13)

Answer 136

B. Nondiscretionary Access Control The given scenario is an example of nondiscretionary access. Nondiscretionary access control defines a set of rules to allow or deny access to an object, system, or service in the cloud. It is a method of access control that allows the objects to be accessed based on rules, privileges, and roles that define access. Answer A is incorrect. Discretionary access controls differ from mandatory access controls by giving users the ability to grant or assign rights to objects and make decisions for themselves as compared to the centrally controlled method used by the mandatory access controls. Answer C is incorrect. The mandatory access control (MAC) approach is often found in high-security environments where access to sensitive data needs to be tightly controlled. Answer D is incorrect. The role-based access control (RBAC) is a method in which access rights are granted to, or restricted from, users based on which roles they perform in an organization. Chapter 3 page 121 (Week 3 #14)

Answer 137

B. A document that defines all levels of service that the provider is promising to provide to the customer. C. A binding contract defining the service promised, that a customer can use for litigations whenever those promises are constantly missed The service-level agreement (SLA) is the most important document that exists between the service provider and the customer or user. It defines all levels of services that the provider is promising to provide to the customer in exchange for their compliance with some policies and of course, for their hard-earned cash. The SLA serves as a binding contract that a customer can use for litigations whenever the promises are constantly missed. Answer A is incorrect. A business continuity plan is a document that contains the critical information a business needs to stay running in case of adverse event. Answer D is incorrect. An operational-level agreement (OLA) is a contract that defines how various IT groups within a company plan to deliver a service or set of services. Chapter 6 page 195 (Week 4 # 27)

Answer 138

B. Archive Inactive data moved to a separate storage facility for long-term storage is referred to as archiving. Answer A is incorrect. File transfers occurs in the background from the primary data center to a backup site. Answer C is incorrect. Replication is the transfer and synchronization of data between multiple data centers. Answer D is incorrect. A data store is used for storing and managing collections of data. Chapter 6 page 191 (Week 4 #24)

Answer 139

C. DNS Domain Name System (DNS) is the primary name resolution service on the Internet and private IP networks. It is a hierarchical system of databases that map computer names to their associated IP addresses. A DNS name is composed of three parts: a computer name, a domain name, and a top-level domain name. For example, in the name www.ucertify.com, www is the computer's name, ucertify is the domain, and .com is the top-level domain. Answer A is incorrect. Network Address Translation (NAT) allows the use of private IP address network for internal use and mapping it to a single public IP address connected to the Internet. Answer B is incorrect. Dynamic Host Configuration Protocol (DHCP) is a networking protocol that provides they dynamic mapping and assignments of logical Layer 3 IP addresses of a network device to the physical Layer 2 MAC addresses of a network device. Answer D is incorrect. Internet Protocol Security (IPsec) is used to secure data as it travels across the network or the Internet through data authentication and encryption. Chapter 6 page 199 (Week 4 #23)

Answer 140

C. RPO The recovery point objective (RPO) is the amount of data that may be lost when restarting the operations after a disaster. It is defined by business continuity planning. It is the maximum targeted period in which data might be lost from an IT service due to a major incident. Answer A is incorrect. A service-level agreement (SLA) outlines specific metrics and the minimum performance provided by the cloud provider. Answer B is incorrect. The recovery time objective (RTO) is the amount of time it takes to get a service online and available after a failure. Answer D is incorrect. The mean time to resolution (MTTR) is the average amount of time it takes to resolve a particular issue. Chapter 6 page 184 (Week 4 #22)

Answer 141

C. RTO The recovery time objective (RTO) is the amount of time a system can be offline during a disaster. It is the amount of time it takes to get operations back up and operational after a failure. Answer A is incorrect. A service-level agreement (SLA) outlines specific metrics and the minimum performance provided by the cloud provider. Answer B is incorrect. The recovery point objective (RPO) is the amount of data that may be lost when starting the operations after a disaster. Answer D is incorrect. The mean time to resolution (MTTR) is the average amount of time it takes to resolve a particular issue. Chapter 6 page 184 (Week 4 #21)

Answer 142

Hot site A hot site model is where two fully redundant cloud data centers are in sync with each other, with the standby site backing up the primary in real time in the event of a failure. The hot site offers the most redundancy of any model. It is also the most expensive option and is used when having your cloud computing operations go offline is not an option Chapter 6 (page 187)

Answer 143

Cold site The cold site model is where a backup data center is provisioned to take over operations in the event of a primary data center failure but the servers and infrastructure are not operational until needed. A cold site facility may not have any servers or infrastructure installed, so to recover from an outage, the cold site approach will need significant amounts of installation and preparation before it is ready to be utilized. Chapter 6 (page 188)

Answer 144

Warm site A warm site approach to recovering from a primary data center outage is when the remote backup site is offline except for critical data storage, which is usually a database server at the primary data center. Chapter 6 (page 187)

Answer 145

D. Cold site A cold site is a backup data center provisioned to take over operations in the event of a primary data center failure, but the servers and infrastructure are not deployed or operational until needed. It is the least expensive disaster recovery solution that doesn't have any resources or equipment except for elevated floors and air conditioning. Answer A is incorrect. A hot site is a fully configured alternate network that can be online quickly after a disaster. It has two fully redundant cloud data centers in sync with each other, with the standby site backing up the primary in real time in the event of a failure. Answer B is incorrect. A warm site is a business site that performs noncritical function under normal conditions, which can be rapidly converted to a key operations site if needed. Answer C is incorrect. An alternative site refers to a location where equipment and people that need to work is relocated for a period of time until the normal production environment is available. Chapter 6 page 188 (Week 4 # 18)

Answer 146

D. QA The manager is requesting data on the results of the quality assurance testing on the release. Answer A is incorrect. A rollout is a patch deployment process, and both automation and orchestration systems are used to install the patch. Answer B is incorrect. Orchestration platform automate the provisioning of cloud services and often include a self-service dashboard that allows the consumer to manage and deploy cloud services with a web browser. Answer C is incorrect. Automation allows for rapid response to security events and can stop an attempted breach in progress as well as record all events to forensic analysis of the the event. Chapter 5 page 159 (Week 4 # 09)

Answer 147

A. Remote A remote backup is a preferred approach since they have the advantage of geographical separation. Many corporate and most regulatory requirements will specify that the backup data be located at a separate data center from the origin data center and that the two locations are geographically some distance apart from each other. Answer B is incorrect. A full backup is a complete copy of the backed-up data. It is generally performed on a routine backup schedule with a series of smaller or incremental backups that are added to the full backup in the time between the full backups. Answer C is incorrect. A local backup is created when data in a data center is stored on its primary storage array and a backup operation is performed. Answer D is incorrect. An incremental backup performs operations based on the change of the source data since the last incremental backup was performed. Chapter 5 page 170 (Week 4 #11)

Answer 148

B. Rolling A rolling configuration will sequentially upgrade the web servers without causing a complete outage and would meet the requirements outlined in the question. Answer A is incorrect. Orchestration platforms automate the provisioning of cloud services and often include a self-service dashboard that allows the consumer to manage and deploy cloud services with a web browser. Answer C is incorrect. A hotfix is a software update type that is intended to fix an immediate and specific problem with a quick release procedure. Answer D is incorrect. Blue-green is a methodology that uses two configurations for production that are identical to each other. Chapter 5 page 159 (Week 4 # 14)

Answer 149

D. Cluster Clusters are groups of computers interconnected by a local area network and are tightly couple together. Clusters can be configured in many different topologies depending on the use case and for the different solutions they are designed for. However, all clusters are designed for high availability, which can allow for installing patches with zero downtime. Answer A is incorrect. Blue-green is a methodology that uses two configurations for production that are identical to each other. Answer B is incorrect. A hotfix is a software update type that is intended to fix an immediate and specific problem with a quick release procedure. Answer C is incorrect. A runbook is a software process that performs automated tasks and responses that simplify and automate repetitive tasks. Chapter 5 page 157 (Week 4 #15)

Answer 150

A. Synchronous Synchronous replication is the process of replicating data in real time from the primary storage system to a remote facility. It allows you to store current data at a remote location from the primary data center that can be brought online with a short recovery time and limited loss of data. Answer B is incorrect. Asynchronous replication works off a store-and-forward model and is a cost-effective protection and backup solution. With asynchronous replication, the data is first written to the primary storage system in the primary storage facility or cloud location. Answer C is incorrect. Site mirroring refers to the process of keeping the backup site updated so it is ready to assume the workload in the event of a primary data center failure. Answer D is incorrect. The recovery time objective (RTO) is the amount of time a system can be offline during a disaster. It is the amount of time it takes to get operations back up and operational after a failure. Chapter 6 page 190 (Week4 #16)

Answer 151

A. Hot site A hot site is fully configured alternate network that can be online quickly after a disaster. It has two fully redundant cloud data centers in sync with each other, with the standby site backing up the primary in real time in the event of a failure. Answer B is incorrect. A warm site is a business site that performs noncritical function under normal conditions, which can be rapidly converted to a key operations site if needed. Answer C is incorrect. An alternative site refers to a location where equipment and people that need to work is relocated for a period of time until the normal production environment is available. Answer D is incorrect. A cold site is a predetermined alternate location where a network can be rebuilt in case of a disaster. Chapter 6 page 187 (Week 4 #17)

Answer 152

A. Asynchronous Asynchronous replication works off a store-and-forward model and is a cost-effective protection and backup solution. With asynchronous replication, the data is first written to the primary storage system in the primary storage facility or cloud location. Answer B is incorrect. Synchronous replication is the process of replicating data in real time from the primary storage system to a remote facility. It allows you to store current data at a remote location from the primary data center that can be brought online with a short recovery time and limited loss of data. Answer C is incorrect. Site mirroring refers to the process of keeping the backup site updated so it is ready to assume the workload in the event of a primary data center failure. Answer D is incorrect. The recovery time objective (RTO) is the amount of time a system can be offline during a disaster. It is the amount of time it takes to get operations back up and operational after a failure. Chapter 6 page 190 (Week 4 #19)

Answer 153

recovery time objective Or Restore Time Objective (RTO) is the amount of time a system can be offline during a disaster; it is the amount of time it takes to get operations back up and operational after a failure. Chapter 6 (page 184)

Answer 154

recovery point objective Or Restore Point Objective (RPO) is the restore point you recover to in the event of an outage. Basically, the RPO indicated the amount of data that may be lost when restarting the operation after a disaster. Chapter 6 (page 184)

Answer 155

B. Vertical scaling Scaling up or vertical scaling will add resources such as CPU instances or more RAM. When you scale up, you are increasing your compute, network or storage capabilities. Answer A is incorrect. Scaling out or horizontal scaling, adds more nodes instead of increasing the power of the nodes. Answer C is incorrect. Resource pooling is the allocation of computer resources into a group, or pool, and then these pools are made available to multitenant cloud environment. Answer D is incorrect. Cloud bursting allows for adding capacity from another cloud service during times when additional compute resources are needed. Chapter 7 page 225 (Week 5 #13)

Answer 156

C. Lockout A lockout policy can be applied to an account that defines the parameters that create a lockup event. It is most common to apply a lockout policy to failed login attempts. For example, you can define a policy where four failed login attempts in five minutes will disable an account for thirty minutes. A lockout policy will most likely be defined by your information security group, and you may be asked to create an apply the policy as part of your duties. Answer A is incorrect. Autoscaling is the dynamic process of adding and removing cloud capacity. Answer B is incorrect. Variance is the measurement of the spread between the baseline and the measured result. Answer D is incorrect. Trigger is the process of initiating an event report based on a metric value or threshold that is considered to be outside your baseline. Chapter 7 page 233 (Week 5 # 27)

Answer 157

B. Bursting Cloud bursting allows for adding capacity from another cloud service during times when additional resources are needed. Answer A is incorrect. Elasticity allows for cloud services to expand and contract based on actual usage and would be applicable to increasing storage capacity. Answer C is incorrect. Vertical scaling adds resources such as CPU instances or more RAM. Answer D is incorrect. Auto-scaling is the automated process of adding and removing capacity. Chapter 7 page 224 (Week 5 # 14)

Answer 158

A. Cloud bursting Cloud bursting is an application deployment model in which an application runs in a private cloud or data center and moves into a public cloud when the demand for computing capacity spikes. It is beneficial for high performance, non-critical applications that handle non-sensitive information. Answer B is incorrect. Cloud automation provides way to build processes used to provision cloud services across virtual and physical cloud platforms. Answer C is incorrect. Multitenancy is the characteristic of a software program that enables an instance of the program to serve different consumers (tenants) whereby each is isolated from the other. Answer D is incorrect. Resiliency is a form of failover that distributes redundant implementations of IT resources across physical locations. Chapter 7 page 224 (Week 5 #20)

Answer 159

A. Horizontal Horizontal scaling is the process of adding servers to a pool for increased capacity. Answers B, C, D, and E are incorrect. Round robin is a load-balancing metric and does not apply, elasticity is the ability to add and remove resources, auto-scaling is the automated process of adding and removing capacity, and vertical scaling is expanding a server. Chapter 7 page 226 (Week 5 #22)

Answer 160

C. The two servers do not have enough virtual network adapters attached. A virtual network adapter is a program (instead of a physical network adapter) that allows a computer to connect to a network. A virtual network adapter can also be used to connect all the computers on a local area network (LAN) to a larger network such as the Internet or a collection or LANs. A virtual network adapter is the logical or software instance of physical network adapter that allows a physical computer, virtual machine or other computer to simultaneously connect to a network or the Internet. A virtual network adapter works like a typical network standard designed for various networking environments, application and services. Chapter 8/9 (Week 6 #14)

Answer 161

B. Trends E. Peak usage F. Anomalies Trend, peak usage, and anomalies are all management report outputs that can be identified using object tracking. Answers A, C, and D are incorrect. Resiliency, metrics, and ACLs can not be identified using object tracking. Chapter 8 page 246 (Week 6 #13)

Answer 162

A. RAM C. CPU D. Storage Resources such as the amount of RAM needed, CPU cycles, and storage capacity are common systems that may become saturated as you cloud computing requirements grow. Answer B is incorrect. Monitoring applications can display actual compared to available API capacity. Chapter 8/9 (Week 6 # 16)

Answer 163

C. Define the set of application-based SLAs. To document business continuity, define the set of application-based SLAs first. Service providers need service-level agreements (SLAs) to manage customer expectations and define the circumstances under which they are not liable for outages or performance issues. An SLA is a document which is a part of a service contract in which a service is formally defined between two or more parties. It can be a legally binding formal or an informal contract. Particular aspects of the service, such as scope, quality, and responsibilities are agreed upon between the service provider(s) and the customer. Chapter 8/9 (Week 6 #15)

Answer 164

B. PaaS Platform as a Service (PaaS) is a cloud computing model in which a third-party provider delivers hardware and software tools. It allows customers to install their applications on the cloud platform. The cloud provider takes responsibility up to the operating system level, including all hardware and OS software. Answer A is incorrect. Unified Communication as a Service (UCaaS) includes voice, video conferencing, instant messaging, e-mail, collaboration, and all other communication services that are hosted in the cloud. Answer C is incorrect. Desktop as a Service (DaaS) is a virtual PC desktop that is hosted in the cloud and accessed remotely by thin clients. Answer D is incorrect. Communication as a Service (CaaS) includes cloud-hosted voice, video conferencing, instant messaging, e-mail, collaboration and other communication services. Chapter 1

Answer 165

A. Elasticity B. On-demand computing E. Pay-as-you grow Elasticity, on-demand computing, and pay-as-you grow are all examples of being able to expand and contract cloud compute resources as your needs require. Answers C, D, and F are incorrect. Availability zones, resiliency virtualization, and resource pooling do not maximize operational expenditures. Chapter 1

Answer 166

B. Hybrid The interconnection of multiple cloud models is referred to as a hybrid cloud. Answer A is incorrect. The public cloud is generally where the hyperscale data centers are, and massive scaling takes place. Answer C is incorrect. A community cloud is a cloud where users with common interests or requirements access shared resources. Answer D is incorrect. A private cloud is operated and reserved by a single organization. Chapter 1

Answer 167

B. SSO Single sign-on allows a user to log in one time and be granted access to multiple systems without having to authenticate to each one individually. Answer A is incorrect. Token-based 2FA is a method of confirming a user's claimed identity by utilizing a combination of two different factors. Answer C is incorrect. RSA is an asymmetrical encryption implementation that uses a private key and public key. Answer D is incorrect. Nondiscretionary access control defines a set of rules to allow or deny access to an object, system, or service in the cloud. Chapter 2 page 90

Answer 168

C. Workflow Workflow application tracks a process from start to finish and sequence the applications that are required to complete the process. Answer A is incorrect. An API is an interface through which a user communicates with a device. Answer B is incorrect. The NTP allows all devices to synchronize to a central clock or time service. Answer D is incorrect. Orchestration platform automates the provisioning of cloud services and often include a self-service dashboard that allows the consumer to manage and deploy cloud services with a web browser. Chapter 2 page 52

Answer 169

D. SAN A storage area network (SAN) is a high-speed data transfer network that provides access to consolidated block-level storage. A SAN moves storage resources off the network and reorganizes them into an independent, high-performance network. It allows server operating systems to access the shared storage list as if it were locally attached drive. SANs are primarily used to enhance storage devices, such as disk arrays, tape libraries, and optical jukeboxes. Answer A is incorrect. Single sign-on (SSO) is a mechanism where a single user authentication provides access to all the devices or applications where the user has permission. Answer B is incorrect. Network Address Translation (NAT) allows the use of private IP address network for internal use and mapping it to a single public IP address connected to the Internet. Answer C is incorrect. Role-base access control (RBAC) is a method in which access rights are granted to, or restricted from, users based on which roles they perform in an organization. Chapter 2 page 69

Answer 170

A. Load balancing Load balancing addresses the issues found when cloud workloads and connections increase to the point where a single server can no longer handle the workload or performance requirements of web, DNS, and FTP servers; firewalls; and other network services. Answer B is incorrect. Certificate management offerings that may be available are services that will rotate the keys, update the servers, and load balancers with current keys, and ensure the private keys are securely stored. Answer C is incorrect. The dynamic host configuration protocol (DHCP) allows for automatic assignment of IP addressing information to devices on a network. Answer D is incorrect. To resolve a name to an IP address that the IP protocol uses to connect to a remote device, the server or workstation will perform a DNS server lookup. Chapter 2 page 91

Answer 171

D. RAID 5 RAID 5 can withstand a single drive failure in the array because of the use of parity data that can be used to reconstruct the storage volume. Answer A, B, and C are incorrect. The other RAID types do not have parity data; therefore they cannot withstand a single drive failure in the array. Chapter 2 page 77

Answer 172

A. Application Programming Interface An application programming interface (API) is defined means to programmatically access, control, and configure a device between different and discrete software components. The API defines how software components interact with each other. APIs provide the means to enable automation of the complete stack from the physical devices to the applications and everything in between. Answer B is incorrect. Vendors and suppliers of virtualized cloud services offer internally developed automation tools and configuration examples as part of their offerings. Answer C is incorrect. A command-line interface is a text-based interface tool used to configure, manage, and troubleshoot devices and allows devices to be automated through configuration scripts. Answer D is incorrect. A graphical user interface (GUI) is a web-based interface that is usually your first introduction to a cloud provider's system. Chapter 3/4 (Week 3 # 20)

Answer 173

C. AES-256 Advanced Encryption Standard (AES) is a symmetrical block cipher that has options to use three lengths, including 128, 192, and 256 bits. AES 256 is a very secure standard, and it would take an extremely long time and a lot of processing power to even come close to breaking the code. Answer A is incorrect. 3DES is a symmetric-key block cipher, which applies the DES cipher algorithm three times to each data block. Answer B is incorrect. RSA is a asymmetrical encryption implementation that uses a private key and a public key. Answer D is incorrect. Rivest Cipher 5 is the replacement for RC4. It is also a symmetrical block cipher algorithm that uses a variable-length key. Chapter 3 page 110

Answer 174

A. Vertical scaling B. Horizontal scaling D. Cloud bursting Cloud computing operates with a utility business model that charges you only for the resources you consume. This model enables you to scale your cloud fleet to meet its current workload and be able to add and remove capacity as needed. There are many options that use elasticity to scale cloud operations including vertical and horizontal scaling and bursting. Answers C, and E are incorrect. Edge cache and core elasticity are not used to dynamically add capacity to the web server farm to handle the anticipated additional workload. Chapter 7 Week 5 # 15

Answer 175

C. Change management Change management includes recording the change, planning for the change, testing the documentation, getting approvals, evaluating and validating, writing instructions for backing out the change if needed, and doing post-change review if desired. Answer A is incorrect. Cloud automation systems offers the ability to dynamically add and remove resources as needed. Answer B is incorrect. Change advisory boards advice change teams on guidelines and priorities, assess the changes, and make sure that all order of operations is addressed. Answer D is incorrect. A rollout is a patch deployment process, and both automation and orchestration systems are used to install the patch. Chapter 7

Answer 176

C. Disable the accounts The ability to disable an account can be helpful in situations where the account will need to be reactivated at a future date and does not need to be deleted. Answers A, B, D, E, and F are incorrect. The other options cannot be helpful in situations where the account will need to be reactivated at a future date and does not need to be deleted. Chapter 7

Answer 177

A. Authorization The question is asking about being able to access a specific cloud service. This would concern DevOps having authorization to access the storage volume. Answer B is incorrect. Authentication is the process of determining the identity of a client usually by a login process. Answer C is incorrect. The federated approach is based on industry standards that allow for the needed interoperability between different organization's systems. Answer D is incorrect. SSO (single sign-on) allows a user to log in just one time and be granted access rights to multiple systems. Chapter 7

Answer 178

D. CPU Implementing new application features may cause increased CPU usage and require that you add CPU resources to meet the requirements of the application. Answer A is incorrect. DMA (direct memory access) allows certain hardware subsystems to access main system memory, independent of the CPU. Answer B is incorrect. BIOS (basic input/output system) is used to perform hardware initialization during the booting process and provides runtime services to operating systems and programs. Answer C is incorrect. Internet Protocol Security (IPsec) is a framework or architecture that uses many different protocols to provide integrity, confidentiality, and authentication of data on a TCP/IP network. Answer E is incorrect. I/O (input/output) is the communication between the information processing system and human being. Chapter 7

Answer 179

E. Vertical Vertical scaling is the process of upgrading or replacing a server with one that has greater capabilities. Answer A is incorrect. Horizontal scaling is the process of adding servers to a pool for increased capacity. Answer B is incorrect. Round robin is referred to as a load-balancing metric. Answer C is incorrect. Elasticity is the ability to add and remove resources. Answer D is incorrect. Auto-scale is used for adding and removing capacity by an automated process. Chapter 7

Answer 180

A. Hybrid A hybrid cloud is a composition of two or more clouds (private, community, or public) that are unique entities but are bound together and provides the benefits of multiple deployment models. It can also be considered as multiple cloud systems connected in a manned that permits programs and data to be moved easily from one deployment system to another. Answer B is incorrect. Public cloud is based on the standard cloud computing model in which resources such as application and storage are made available by a service providers to the general public over the Internet. Answer C is incorrect. Private cloud is an infrastructure used only for a single organization, whether handled internally or by a third-party and hosted internally or externally. Answer D is incorrect. A community cloud is a type of cloud computing deployment model used between a selective group of users or organizations. Chapter 7 (Week 5 #21)

Answer 181

C. Autoscaling Autoscaling is the dynamic process of adding and removing cloud capacity. This service can also be configured to remove he servers after the load has fallen below your defined metrics for a period of time to eliminate charges for unused capacity. Answer A is incorrect. Elasticity is the ability to automatically and dynamically add additional resources such as storage, CPUs, memory, and servers in the cloud. Answer B is incorrect. Variance is the measurement of the spread between the baseline and the measured result. Answer D is incorrect. Trigger is the process of initiating an event report based on metric value or threshold that is considered to be outside your baseline. Chapter 8/9 (Week 6 #17)

Answer 182

C. Workflow Workflow application track a process from start to finish and sequence the applications that are required to complete the process. Answer A is incorrect. Application programming interface (API) defines how software components interact with each other. Answer B is incorrect. A runbook is a software process that performs automated tasks and responses that simplify and automate repetitive tasks. Answer D is incorrect. Orchestration automates the provisioning of cloud services and often includes a self-service dashboard which allows the consumer to manage and deploy cloud services with a web browser. Chapter 8/9 (Week 6 #18)

Answer 183

A. Configuration backups C. Documentation D. Diagrams When troubleshooting, it is helpful to have access to configurations, documentations, and diagrams to provide information on your cloud deployment. Answer B is incorrect. A service-level agreement (SLA) outlines specific metrics and the minimum performance provided by the cloud provider. Answer E is incorrect. Dynamic Host Configuration Protocol (DHCP) is a network services that provides automatic assignment of IP addresses and other TCP/IP configuration information. Chapter 8/9 (Week 6 #19)

Answer 184

A. DNS C. NTP In addition to the web servers, IP addresses may be required for the NTP and DNS services and the default gateway. The domain name system (DNS) is the primary name resolution service on the Internet and private IP networks. It is a hierarchical system of databases that map computer names to their associated IP addresses. The network time protocol (NTP) allows all devices to synchronize to a central clock or time service. It ensures that all devices report the same time to allow for synchronization of logging information. Answer B is incorrect. A service-level agreement (SLA) outlines specific metrics and the minimum performance provided by the cloud provider. Answer D is incorrect. Dynamic Host Configuration Protocol (DHCP) is a network service that provides automatic assignment of IP address and other TCP/IP configuration information. Chapter 8/9 (Week 6 #23)

Answer 185

D. Community A community cloud is where multiple organization from a specific community with common interests share the cloud infrastructure. They can be managed internally or by a third-party, and either hosted internally or externally. The costs are spread over fewer users than a public cloud, but more than a private cloud. Chapter 1 (Week1 # 20)

Answer 186

A. Networking Network cloud services include traditional switching and routing as well as services such as load balancing, DNS, DHCP, and virtual private networks. Answer B is incorrect. Automation software systems operate in a cloud provider's data center that automates the deployment and monitoring of cloud offerings. Answer C is incorrect. The compute resources are the actual central processing of data and applications on either a physical or virtualized server running a variety of operating systems. Answer D is incorrect. Large storage arrays and storage area networks exist in the cloud for use by cloud service consumers. Common storage media are solid state drives (SSDs) and magnetic physical drives. Answer E is incorrect. Virtualization is the ability to take physical data center resources such as RAM, CPU, storage, and networking and create a software representation of those resources in large-scale cloud offerings. Chapter 1 (Week 1 #25 )

Answer 187

C. Ephemeral D. Nondurable Temporary storage volumes that are only in existence when the VM is deployed are referred to as ephemeral or nondurable storage. Answer B is incorrect. Durable storage volumes do not get deleted and retains data even if the virtual machine is stopped or terminated. Answer B is incorrect. RAID is a hardware storage family of redundancy types. Answer E is incorrect. Block storage offers a high utilization rate. Answer F is incorrect. Object-based storage is highly utilized at the large cloud companies as a fully managed and cost-effective service. Chapter 3/4 (Week 3 #18)

Answer 188

netstat netstat is a network statistic utility found on both Windows and Linux workstation and servers. You can use netstat when troubleshooting to see which network connections are open to remote applications, to view detailed protocol information, to see addresses used both locally and remotely, and to determine which state the TCP connections are currently in on the device. Chapter 10 (page 300)

Answer 189

ifconfig ifconfig on Linux and ipconfig on Windows are command-line utilities used to verify and configure the local network interfaces. Chapter 10 (page 300)

Answer 190

dig and nslookup nslookup and dig are command-line utilities used to resolve hostnames to IP addresses using a DNS server. nslookup is the Windows variant and its Linux equivalent is called dig. If you need to learn the IP address of a domain, use these applications to resolve the DNS name to the IP address. Chapter 10 (page 302)

Answer 191

ping ping is part of the TCP/IP family of protocols; it is used to verify that a device is available and reachable on the network and also to get a reading of the response time at the moment in time. Chapter 10 (page 303)

Answer 192

Remote Desktop Services Remote Desktop Services (RDP) allows remote access to Windows devices. RDP is a client-server application, which means RDP had to be installed and running on both the server and the local workstation you are using to access the cloud server. The desktop application comes preinstalled on most versions of Windows. Chapter 10 (page 309)

Answer 193

terminal server In a data center, devices called terminal servers are deployed that have several serial ports, each cabled to a console port on a device that is being managed. This allows you to make an SSH or a Telnet connection to the terminal server and then use the serial interfaces to access the console ports on the devices you want to connect to. Chapter 10 (page 307)

Answer 194

ARP Address Resolution Protocol (ARP) is the protocol that determines the mapping of the IP address to the physical MAC address on a local network. Using ARP, all devices on the LAN build a table of IP to MAC address bindings. Chapter 10 (page 298)

Answer 195

traceroute The tracert/traceroute utilities are useful for network path troubleshooting. The traceroute utility displays the routed path a packet of data takes from source to destination. You can use it to determine whether routing is working as expected or whether there is a route failure in the path. Chapter 10 (page 306)

Answer 196

tcpdump tcpdump allows Linux system to capture live network traffic and is useful in monitoring and troubleshooting. Sometimes called sniffing, tcpdump allows you to set up filters to select the traffic you are interested in capturing for troubleshooting. Think of tcpdump as a command-line network analyzer. Chapter 10 (page 305)

Answer 197

SSH Secure Shell (SSH) is the encrypted version of the Telnet protocol and is used to access remote devices using a command-line interface. Use port 22 for communications. Chapter 10 (page 305)

Answer 198

Default gateway The term default gateway can be misleading since a gateway is now called a router. But a default gateway is the IP address on the interface on the router on the local subnet that connects to the outside world. It gives computers on one network a path to other networks. Chapter 10 (page 292)

Answer 199

Memory When RAM utilization reaches 100 percent on a server, the operating system will begin to access the swap file and cause a serious performance slowdown that affects all processes running on the server. Monitoring memory usage is one of the most critical objects to monitor and collect baseline data on. Chapter 8 (page 249)

Answer 200

CPU Many applications are CPU bound which is to say their performance depends on the amount of CPU resources available. One of the most common cloud objects that are tracked is the percentage of CPU utilization, since it has a direct impact on systems' performance. Chapter 8 (page 247)

Answer 201

bursting Cloud bursting is a hybrid model that is most commonly found in private cloud deployments that are designed to use public cloud processing during times of increased load. This is the model where a primary data center carries the current compute load, and when additional capacity is required, a remote cloud can assist with the load. One cloud is primary and can "burst" to a backup cloud if additional capacity is required to meet a peak demand situation. Chapter 7 (page 224)

Answer 202

variance Chapter 7 (page 217)

Answer 203

Lockout A lockout policy can be applied to an account that defines the parameters that create a lockout event. It is most common to apply a lockout policy to failed login attempts. For example, you can define a policy where four failed login attempts in five minutes will disable an account for thirty minutes. Chapter 7 (page 233)

Answer 204

Incremental Incremental backups perform operations based on the change of the source data since the last incremental backup was performed. Incremental backups can be run, for example on a nightly basis and capture the changes that were made since the previous backup was run the night before. This allows for an efficient backup operation since only the changes in the past 24 hours are stored on the backup media. Incremental backups are much less time-and resource-consuming than a full backup and are used to complement them. Chapter 5 (page 169)

Answer 205

Version A version update is the process of replacing a software product with a newer version of the same product. Version updates can add new features, bring the system up-to-date, and provide a rollup of all previous patches to improve the product. Upgrading entails replacing the current, older version of the same product with a newer version. Chapter 5 (page 162)

Answer 206

Firewall The device that is central to any security implementation is the network firewall. A firewall will be installed inline in a network so that all traffic must pass through is as it transits from one network to another. Firewalls will have rule sets, or policies, configured that will either permit or deny traffic to pass. Chapter 4 page 141

Answer 207

SSL/TLS Secure Sockets Layer (SSL)/Transport Layer Security (TLS) make up a group a protocol group that operates on top of TCP to provide an encrypted session between the client and the server. It is commonly seen on websites implemented as the Hypertext Transport Protocol Secure (HTTPS) protocol. Chapter 3 page 109

Answer 208

IPsec ``` IP Security (IPsec) is a framework, or architecture, that uses many different protocols to provide integrity, confidentiality, and authentication of data on a TCP/IP network. Since IPsec is not a protocol but a framework that implements different security and encryption protocols under one umbrella, it can be challenging to understand all the details and to correctly implement and troubleshoot it. Most IPsec implementations are found in the VPNs, application security, and network security technologies that are commonly implemented in operating systems, routers, and firewalls. ``` Chapter 3 page 108

Answer 209

RAID 6 RAID 6 is an extension of the capabilities of RAID 5. The added capability offered in the RAID 6 configuration is that a second parity setting is distributed across all the drives in the array. The advantage of adding the second parity arrangement is that RAID 6 can suffer two simultaneous hard drive failures and not lose any data. Chapter 2 (page 78)

Answer 210

SaaS Chapter 1

Answer 211

Regions Large cloud operations will partition operations into regions for fault tolerance and to offer localized performance advantages Chapter 1 (page 27)

Answer 212

Community Chapter 1

Answer 213

Private Chapter 1

Answer 214

RAID RAID (Redundancy Array of Independent Disks), by combining physical disks, you can achieve redundancy without having to sacrifice performance. The groupings of many disks can be used to create very large volumes. Chapter 2 (page 75)

Answer 215

PaaS | Chapter 1

Answer 216

Vertical Vertical scaling or scaling up will add resources such as CPU instances or more RAM. When you scale up, you are basically increasing your compute, network, or storage capabilities. Chapter 7 (page 225)

Answer 217

IDS Intrusion detection system (DS) are used to monitor network traffic looking for suspicious activity. The intrusion detection system will alert a management system or can be configured to send out e-mails or text notifications if an attack is discovered. However, the intrusion detection system will not take action to remedy the situation – it only monitors and reports. Chapter 4 page 142

Answer 218

Asynchronous | Chapter 1

Answer 219

horizontal Horizontal scaling or scaling out adds more nodes instead of increasing the power of the nodes. With horizontal scaling, you will choose to add more servers to the existing configuration. Chapter 7 (page 226)

Answer 220

Auto-scaling Scaling is adding capacity to your cloud deployment. To scale your cloud, you decide whether you need to scale up or scale out. Chapter 7 (page 225)

Answer 221

Change management Change management outlines policies and procedures and provides standardized process to follow, including recording the change, planning for the change, testing, documentation, approvals, evaluation and validation, instructions for backing out the change if needed, and post-change review if desired. Chapter 7 (page 222)

Answer 222

Authentication Authentication is the process of determining the identity of a client usually by a login process. By authenticating the user, you learn the identity of that user and can authorize or grant permissions to cloud resources by either allowing or denying access to specific resources. Chapter 2 (page 81)

Answer 223

Two-factor authentication The two-factor authentication includes something you have, which is the key fob, and something you know, which is your password. Chapter 3 page 121

Answer 224

Vertical Vertical scaling or scaling up will add resources such as CPU instances or more RAM. Many applications, such as databases will perform better after a system has been scaled vertically. For example, a system that is CPU bound will perform better when scaling up with additional CPU cores. The same is true with applications that benefit from more RAM or higher Local Area Network (LAN) throughput. Chapter 7 (page 225)

Answer 225

Disable the accounts. The ability to disable an account can be helpful in situations where the account will need to be re-activated at a future date and does not need to be deleted. Account disablement can be managed in the same manner as other account operations with a web front end or with the use of APIs for scripted and automated processes. Chapter 7 (page 234)

Answer 226

PaaS Platform as a Service (PaaS) offers the compute and operating system as a service and allows customers to install their applications on the cloud platform Chapter 1 (page 9)

Answer 227

Authorization When a device or user has been identified through authentication systems, then they can be given authorization to perform their specific duties. Chapter 2 (page 89)

Answer 228

False | Chapter 1

Answer 229

SaaS ``` The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications; and possibly limited control of select networking components (e.g., host firewalls). Chapter 1 (page 9) ```

Answer 230

``` Firewall Firewalls are generally deployed between the cloud network and the cloud consumer for protection of unauthorized access into the networks. A firewall is either hardware based or a virtualized device that inspects network traffic and compares the traffic to the defined rules' list to determine whether that traffic is allowed. Chapter 2 (page 92) ```

Answer 231

``` Baseline Establishing baselines is helpful when you need to determine the size of the virtual machines required when migrating servers to the cloud. Baseline also are used to determine what is out of normal operations. You can use your baseline statistics as a reference, and if a counter has a variance above or below that value, it will be considered a serious issue. Chapter 1 (page 33) ```

Answer 232

Hotfix A hotfix is a software update type that is intended to fix an immediate and specific problem with a quick release procedure. A hotfix may be a customer-specific and not released to the public or available to everyone. Many times a hotfix is a bug fix that has been made quickly and did not follow the normal quality assurance or formal release procedure since the intention is for a rapid deployment. Chapter 5 (page 162)

Answer 233

Service Level Agreement Service level agreement (SLA) is a document that outlines specific metrics an the minimum performance or availability level and outlines the penalties for failing to meet the metrics. The SLA will outline who owns the data and who owns the rights and responsibilities. Chapter 2 (page 62)

Answer 234

DNS Domain Name Service (DNS) server will have the domain name to IP address mapping and reply with the correct IP address for any given domain name. Think of this as a phonebook where you know the name of a business but not the number; the phone book provides the name-to-number lookup function. DNS uses well-known port 53. Chapter 2 (page 91)

Answer 235

Storage Chapter 1

Answer 236

Federations Identity systems using federations allow multiple organizations to use the same data for identification when accessing the network's or resources of everyone in the group. Chapter 2 (page 90)

Answer 237

Baseline Baseline collect data and provide trend analysis and capacity utilization information measured over time to determine average or expected metrics of a service in normal operation. Establishing baselines is helpful when you need to determine the size of the virtual machines required when migrating servers to the cloud. Chapter 1 (page 33)

Answer 238

Automation Chapter 1

Answer 239

ARP ARP is the protocol that determines the mapping of an IP address to the physical MAC address on a local network. The mappings can be seen with the arp command-line utility. dig is used for DNS resolution, ipconfig shows the network adapter parameters, and netstat shows connection. Chapter 10

Answer 240

traceroute The traceroute and tracert utilities are useful for network path troubleshooting. This utility shows the routed path a packet of data takes from source to destination. You can use it to determine whether routing is working as expected or whether there is a route failure in the path. The other answers were all incorrect as they do not provide network path data. Chapter 10

Answer 241

Top down The top-down approach references the OSI model; it starts at the application layer and works downward until the problem is identified. The application is checked first, and if that is operational, you continue to work down the network stack until you identify the problem. Chapter 10

Answer 242

Bottom up The bottom-up approach starts at the lowest level of the ISO model with the physical network connections, such as cabling, and works upward by investigating VLANs, IP addressing, and so on, until the issue is located. Chapter 10

Answer 243

Divide and conquer The divide-and-conquer troubleshooting approach starts in the middle of the OSI network stack and, depending on the result, directs future tests. In this case the troubleshooter began at the network layer, which is in the middle of the OSI model. This is the divide-and conquer approach. Chapter 10

Answer 244

``` Gather information Distill the issue Research Create a plan of action Test and verify ``` All of the answers given are common troubleshooting steps. Chapter 10

Answer 245

Infrastructure Infrastructure security is the hardening of the facility and includes the steps outlined in the question including nondescript facilities, video surveillance, and biometric access. Chapter 10

Answer 246

A. Security Group Finals #49

Answer 247

B. SaaS Finals #1

Answer 248

A. Develop, test, perform QA, and release to production. Finals #24

Answer 249

A. Synchronous replication Finals #26

Answer 250

C. Install a second network adapter Finals# 35

Answer 251

C. SSH Finals# 44

Answer 252

B. Ensure the EC2 instances are on separate subnets and each subnet is in a different availability zone. Finals# 46