CompTIA Cloud+ set 1
Terms in this set (1059)
Hypervisor
A hypervisor is the component that creates and runs virtual machines and allows multiple operating systems to run on a single physical machine.
Which of the following is a piece of software or hardware that creates and runs virtual machines and allows multiple operating systems to run on a single physical machine?
Type 1
A type 1 hypervisor is a bare-metal hypervisor interacting directly with the hardware, giving better performance and resource allocation than a type 2 hypervisor or virtual machines.
Which type of hypervisor allocates resources more efficiently?
CaaS
Communications as a Service (CaaS) enables customers to utilize enterprise-level voice over IP (VoIP), virtual private networks (VPNs), private branch exchange (PBX), and unified communications without the costly investment of purchasing, hosting, and managing their own infrastructure.
Which cloud service model allows an organization to utilize enterprise-level VoIP, VPNs, PBX, and unified communications without having to purchase their own infrastructure?
SSD
A solid state drive (SSD) provides high performance, allowing for quick retrieval of data, and requires less power than a hard disk drive (HDD).
What technology would be the best solution when quick retrieval of data is required and power consumption is restricted?
25
Port 25 is the default port used for SMTP.
Which of the following ports is the default port for SMTP?
HA
High availability (HA) is a system design approach that ensures that a system or component is continuously available for a predefined length of time.
Your organization is looking to implement a system design approach that ensures a system or component is continuously available for a predefined amount of time. What type of system design would the organization be implementing?
SMTP
The simple mail transfer protocol (SMTP) is the protocol used to send electronic messages (e-mail) over the Internet.
Which of the following protocols allows someone to send electronic messages over the Internet?
Fault tolerance
Fault tolerance allows a computer system to function as normal in the event of a hardware failure in one or more of the system's components.
Which of the following terms describes the process that allows a computer system to function as normal in the event of a failure in one or more of the system's components?
Quotas
Quotas are the application of limits that have been defined for usage of a system's resources. The quotas that are typically defined for host systems have to do with allocation of the host computer resources to its guest machines. Quotas allow a cloud provider to limit the total amount of resources a cloud consumer can use.
A cloud provider needs to limit the total amount of computer resources that a cloud consumer can utilize. What would they use to limit the resources?
Pay-as-you-grow
Pay-as-you-grow is the concept in cloud computing where an organization pays for cloud resources as they need them.
An organization is looking to adopt a cloud model to help save costs on hardware and pay only for the computing resources they use. Which of the following will allow the organization to accomplish this goal?
Reservations
By creating a DHCP reservation, an administrator can assure that a computer gets the same IP address based on its MAC address.
An administrator needs to assign a specific IP address to a computer based on the computer's MAC address. What should be implemented?
Cloud bursting
Cloud bursting is the concept of running an application on the organization's internal computing resources or private cloud and "bursting" that application into a public cloud on demand when they run out of resources on their internal private cloud.
You need to implement a solution that primarily relies on a private cloud infrastructure but can utilize public cloud resources if capacity requirements change. What type of solution should you implement?
Verbose logging
If you are troubleshooting an issue and the standard system logs do not seem to provide enough information, you can enable verbose logging. Verbose logging records more detailed information than standard logging and is only recommended to troubleshoot a specific problem.
You have been troubleshooting an operating system issue and have not been able to gain enough information to diagnose the exact problem. What can you enable to get more detailed information about the operating system issue?
Reservations
Reservations are similar to quotas, but they ensure that a lower limit is enforced for the amount of resources guaranteed to a cloud consumer for their virtual machine or set of virtual machines.
As a cloud consumer your organization needs a way to ensure they are receiving at least a certain amount of computer resources. Which of the following guarantees a cloud consumer a minimum amount of computer resources?
UFS
The Unix file system (UFS) is the primary file system for Unix operating systems.
Which file system is the primary file system for the Unix operating system and provides a hierarchical file system?
Incremental
An incremental backup backs up only those files that have changed since your last backup. Incremental backups are therefore faster and require less space, but the time it takes to perform a restoration is higher.
You need to recommend the appropriate backup method for your new cloud environment. The requirement is to have a backup that is fast and requires less space. The time it takes to perform a restoration is not a factor. What type of backup would you recommend?
RPO; RTO
Many organizations have two recovery objectives when they are building their disaster recovery plan (DRP): the recovery time objective (RTO), which specifies an acceptable length of time the business can wait until data is fully restored, and the recovery point objective (RPO), which specifies how much lost data the business can tolerate if they would have to revert to the last completed backup job.
When building a disaster recovery plan, an organization should have two primary recovery objectives. Which two objectives should an organization consider?
Caching
A disk cache is a mechanism for improving the time it takes to read from or write to a disk resource by holding data that has been recently accessed. It is usually included as part of the hard disk and can also be a specified portion of a memory resource.
Which of the following is a mechanism for improving the time it takes to read and write to a hard disk drive?
Bus
In a bus topology every node is connected to a central cable, referred to as the bus or backbone, and only one device is allowed to transmit at any given time.
In which network topology is every node connected to a central cable and only one device is allowed to transmit at any given time?
Guest tools
Guest tools are software additions that are added to a virtual machine after the operating system has been installed; they enhance the performance of a virtual machine and improve the interaction between the virtual machine and the host computer.
Which of the following can be added to a virtual machine after the operating system has been installed to improve the interaction between the virtual machine and the host computer?
Increase the speed of the Ethernet network; Isolate the storage network
The speed of the Ethernet network that iSCSI uses to transport its commands directly affects the performance of the storage network. Also, isolating the storage traffic from the data traffic by creating separate networks prevents congestion on the data network from affecting the performance of the storage network.
When designing a network attached storage solution that utilizes iSCSI as a transport mechanism, what should you do in order to ensure the best performance?
RAID 0
RAID level 0 can be used to increase performance, but it does not provide any redundancy.
You have been tasked with configuring the drives on a server. The requirements are to increase performance of the server but redundancy is not required. Which RAID level should you recommend?
Disk latency
Disk latency is a counter that provides administrators with the best indicator of when a resource is experiencing degradation due to a disk bottleneck and needs to have action taken against it.
One of the virtual machines in your environment is not performing at an optimal level. You suspect that it is an issue with the hard disks. What is one of the counters you can use to test the performance of a hard disk?
Tape
The primary use for a tape drive is for long-term or off-site storage.
Which of the following storage devices is used primarily for off-site storage and archiving of data?
Syslog
Syslog provides a mechanism for a network device to send event messages to a logging server or syslog server using UDP port 514 or TCP/514.
Which of the following protocols uses port 514 to send event messages?
**John requires a data center full of the needed computing gear to support his company's operations where all computing is owned and operated by a single corporate entity. Which of the following computing types will accomplish John's requirement?
In-house computing
Client-server computing
Virtualized computing
Cloud computing
In-house computing -requires a data center full of the needed computing gear to support the company's operations. Engineers are needed to tend to the operating systems, applications, storage, and networks and all computing is owned and operated by a single corporate entity.
**Maria has noticed an increase in the response time of the NoSQL application she runs in her IaaS cloud deployment. When comparing current results against her baseline measurements that she recorded when the database was originally deployed, she verified that there has been a steady increase in the number of read requests. You have been asked to evaluate the baseline variances. Where should you focus your troubleshooting efforts?
Memory
CPU
Storage
Networking
Storage -Database read and write requests utilize storage I/O and should be the focus for troubleshooting.
Which of the following cloud computing services enables a consumer to outsource computing equipment purchases and running their own data center?
NaaS
IaaS
SaaS
IDaaS
IaaS
**Which of the following cloud service models enables a consumer to rent fully configured systems that are set up for specific purposes?
CaaS
PaaS
NaaS
DaaS
PaaS -is a cloud computing service that enables consumers to rent fully configured systems that are set up for specific purposes. It provides a platform allowing customers to develop, run, and manage applications without the complexity of building and maintaining the infrastructure
Kurt works as an IT manager for a small chain of dental offices. Because of budget constraints, he is unable to purchase, install, and maintain an enterprise-class application to provide HIPAA-compliant record keeping, billing, and scheduling. He has been investigating other options and found a cloud company that offers the same application in a shared environment with other small dental chains. What type of cloud is Kurt investigating?
Hybrid
Public
Private
community
community
Art plans to implement a site backup plan for his company's inventory control database. To ensure a low RTO, he has decided to contract with multiple public cloud providers to back up each other. He is reviewing the service models as he prepares his migration plans. Which service model has the most lock-ins and is the most complex to migrate?
IaaS
PaaS
SaaS
XaaS
SaaS
You have been asked to migrate existing servers of your organization to the cloud. Before you start migration, you want to determine the size of the virtual machines required for migration of servers. What are these statistics called?
Vulnerability scanning
baselines
Penetration testing
Loading
baselines
Which of the following is the practice of testing a computer system, network, or web application to find security vulnerabilities that an attacker could exploit?
Vulnerability scanning
baselines
Penetration testing
Loading
Penetration testing
**The ability to dynamically add additional resources on demand such as storage, CPUs, memory, and even servers is referred to as what?
bursting
pooling
elasticity
Orchestration
elasticity -Cloud automation systems offer the ability to dynamically add and remove resources as needed; this is referred to as elasticity.
**Jerry is explaining to his customer that the cloud virtualizes hardware resources such as memory, CPU, and storage. These resources are then allocated to virtual machines. What cloud concept is Jerry referring to?
On-demand virtualization
Dynamic scaling
Resource pooling
Elasticity
Resource pooling is a term used in a cloud computing environment where the cloud service provider allocates resources into a group, or pool, and then these pools are made available to a multitenant cloud environment. The resources are then dynamically allocated and reallocated as the demand requires.
You have been asked in a company security meeting about demarcation of security responsibilities between your private cloud and your public cloud provider. What model would you explain to your management the public cloud provider follows?
Availability zones
Community
Shared responsibility
Baselines
Shared responsibility
**Pete accesses his account in a public cloud, adds two middleware servers to his fleet, and logs back off. What type of cloud feature allows him to add servers?
Bursting
Pay-as-you-grow
Multitenancy
On-demand
On-demand -allows a cloud customer to dynamically add resources with the use of an online portal.
**What is monitored in cloud management systems to collect performance metrics?
Database
Server
Hypervisor
Objects
Objects -Objects are queried to gather metric data.
Which of the following is a virtual PC desktop that is hosted in the cloud and accessed remotely by thin clients?
DaaS
VPN
NIDS
CaaS
DaaS -Desktop as a Service (DaaS) is a virtual PC desktop that is hosted in the cloud and accessed remotely by thin clients.
Which of the following delivers cloud-managed applications as well as the underlying platform and infrastructure support?
SAN
DaaS
SaaS
CaaS
SaaS
In which cloud computing model does the cloud provider take responsibility up to the operating system level, including all hardware and OS software?
UCaaS
PaaS
DaaS
CaaS
PaaS
Which cloud delivery model is used by a single organization?
Hybrid
Public
Private
Community
Private
Which of the following is a hosting service that is located remotely from a company's data center?
Resource pooling
Off-premise
On-demand
Measured service
Off-premise
Your company has decided to interconnect its cloud services with three different service providers. What type of cloud delivery model is it creating?
Public
Community
Private
hybrid
hybrid
A medical records company wants to take advantage of a complex application but wants to realize the cost savings by accessing a shared instance of the application hosted in the cloud. Because of regulatory requirements, what type of cloud delivery model would you recommend they use?
Public
Hybrid
Private
community
community
**Which of the following allows you to access a self-service portal and instantly create additional servers, storage, or other services?
Bursting
Pay-as-you-grow
Multitenancy
on-demand
on-demand cloud service allows the cloud customer to access a self-service portal and instantly create additional servers, storage, processing power, or any other services as required. If the computing workload increases, then additional cloud resources can be created and applied as needed.
Which of the following automates the provisioning of cloud services and includes a self-service dashboard?
off-premise
Orchestration
On-demand
Load balancing
Orchestration
A cloud service provider allocates resources into a group. These resources are then dynamically allocated and reallocated as the demand requires. What is this referred to as?
off-premise
Resource pooling
On-demand
Measured service
Resource pooling
Which of the following controls network traffic between VMs, including VMs hosted on the same server and VMs hosted on other servers on the physical network?
NIC
Virtual switch
Firewall
VPN
Virtual switch
**Which of the following cloud components include traditional switching and routing as well as services such as load balancing, DNS, DHCP, and virtual private networks?
Networking
Automation
Computing
Storage
Virtualization
Networking -Network cloud services include traditional switching and routing as well as services such as load balancing, DNS, DHCP, and virtual private networks.
Jillian is working on a project to interconnect her company's private data center to a cloud company that offers e-mail services and another that can provide burstable compute capacity. What type of cloud delivery model is she creating?
Public
Hybrid
Community
Private
hybrid
Connie is the chief information officer at a medium-sized accounting firm. During tax preparation season, the internal demand for computing resources rises, and then after the taxes are filed, the computing capacity is no longer needed. She is being asked to create a more efficient and agile solution to her company's operations that maximizes operational expenditures. What servers does the public cloud offer to meet her needs?
Elasticity
On-demand computing
Availability zones
Resiliency virtualization
Pay-as-you-grow
Resource pooling
Elasticity
On-demand computing
Pay-as-you-grow
-all examples of being able to expand and contract cloud compute resources as your needs require.
Which of the following networks is used in the creation and testing of new cloud-based services and is primarily used by software programmers and DevOps groups in the creation of new applications and services?
Production network
Quality Assurance network
Development network
Storage area network
Development network
You are evaluating the physical layout of a large public cloud company. Your company's operations require local data centers in Japan, Kuwait, Berlin, and Chicago to host low-latency web services for your customers. What cloud architecture should you implement?
Regions
Auto-scaling groups
Availability zones
Global DNS affinity
Regions
An organization wants to create a server VM that is segregated from the rest of the servers. Which of the following should the server administrator configure?
HBA
VPN
VNIC
iSCSI
VNIC -is a program that virtualizes a physical network interface card, and is used by a virtual machine as its network interface. It enables the virtual machine to communicate with other virtual machines on the same host, but not on physical networks unless it is configured to bridge to the host NIC.
Ichika is preparing a change management plan to increase the processing abilities of one of her middleware servers. What components can she upgrade to increase server performance?
Each correct answer represents a complete solution. Choose three.
CPU
SLA
RAM
NETWORK I/O
ACL
DNS
CPU
RAM
NETWORK I/O
You have been hired as a cloud architect at a large corporation that maintains their own operations in six different data centers that are geographically diverse for high availability. What deployment model is this?
Hybrid
Public
Private
Community
Private
What technology allows for a secure connection over an insecure network?
Direct peering
IDS
VPN
AES-256
RDP
VPN
James is requesting assistance in configuring a cloud solution that allows him to access his server fleet's management console hosted in a community cloud. He wants you to recommend a solution that allows access over the Internet from multiple remote locations. What solution would you recommend James to use?
Load balancing
Automation
VPN
Firewall
VPN
If the physical RAM installed on the motherboard is 64GB, and the 32 VMs running on that server are all configured for 4GB of RAM each, then with 128GB allocated and with 64GB physically available, what would be the overcommitment ratio?
8:1
2:1
16:1
1:2
2:1
**Which of the following is a part of a sector header in a storage system that is used to identify the content of the data?
Object ID
Extended metadata
Metadata
Thick provisioning
Metadata -is a part of a file or sector header in a storage system that is used to identify the content of the data. It is used in big data applications to index and search for data inside the file.
**Cheryl is deploying a new MySQL database in her private cloud. She needs a fault-tolerant solution and plans to create read replicas of the database in a different availability zone. For performance reasons, she has decided to update the replica in near real time after the initial write operation on the primary database. What type of solution is this?
Synchronous
Asynchronous
Volume sync
Remote mirroring
RAID 5
Asynchronous -Asynchronous replication is when data is written to the primary first and then later a copy is written to the remote site on a scheduled arrangement or in near real time
You are reviewing your private cloud's infrastructure and are validating the resiliency of all systems. The data center has six racks of storage arrays that are configured to each lose one drive and remain operational. The servers hosting the hypervisors interconnect to these arrays and need to access block data that is lossless. What is the interconnect method commonly used?
RAID 5
Zoning
VMFS
SAN
DAS
SAN
Ricky is in the process of migrating his company's servers to the cloud. When undertaking the migration, he is required to reinstall the operating system, application, and data files onto a new VM from scratch. What type of migration is Ricky performing?
Virtual to virtual
Physical to virtual
Virtual to physical
Physical to physical
Physical to virtual
You are involved in a large-scale migration project that requires moving a Windows OS running on a dual-slot, eight-core server with no hypervisor in a data center to a VMware-based server in the public cloud. What type of migration is this?
vMotion
P2V
Private to public
V2V
Synchronous replication
P2V
Because of cost savings and the need to be able to dynamically scale resources, you have decided to move a fleet of virtual machines from your corporate data center to a public cloud IaaS service. However, the cloud provider has special hypervisor requirements that are different from your operations. What type of migration would you need to perform to move the VMs to the cloud?
Orchestration
P2V
Private to public
V2V
Synchronous replication
V2V
To ease the management requirements for the operations group, you are being asked to streamline user access control for your storage operations group. Many users and applications require rights to manage storage buckets and then put in a change request to have their rights removed when the change is completed. What rights management solution would you recommend to operations that reduces the labor of adding and removing users to the bucket storage management group?
Mandatory access control
Nondiscretionary
Roles
Multifactor
Roles
Which of the following are considered as secure network communication protocols?
Each correct answer represents a complete solution. Choose three.
DNS
SSH
HTTPS
FTPS
SMTP
SSH
HTTPS
FTPS
Carl is documenting his employer's cloud deployment needs to label the cloud delivery model which is used by a single organization. As a Cloud+ consultant, what would you suggest he name his internal cloud?
Hybrid
Public
Private
Community
Private
Jennifer is reviewing a document from her secondary community cloud provider. What is the document that outlines specific metrics and the minimum performance that is offered by the cloud provider?
SSL
SLA
Benchmarking
Baseline
SLA
Jerry is learning about cloud storage systems and she is interested in learning about high-speed network storage solutions. What would you recommend she focus her research on?
SSO
NAT
RBAC
SAN
SAN
Which of the following authentication systems requires something you have and something you know?
Single sign-on
Mutual
IDS
Multifactor
Multifactor
Homer designed an application tier for his company's new e-commerce site. He decided on an IP subnet that uses the /28 IPv4 subnet. He is planning for a maximum of 14 servers. You are brought in as a cloud architect to validate his design. What other devices may be on this subnet other than the servers that would also require IP address assignments?
SLA
Default gateway
DNS
NTP
API
SNMP
Default Gateway
DNS
NTP
Harold is drafting a change document to migrate a back-office application from his company's private cloud to a global public cloud provider. As part of the migration, he plans on directly interconnecting the two clouds. What is this type of cloud?
Public
Hybrid
Community
Private
Hybrid
What application tracks a process from start to finish?
API
NTP
Workflow
Orchestration
Workflow
**You are preparing a presentation to your company's IT management that explains physical resources that become virtualized and presented as resources to virtual machines running on hypervisors. What resources do the hypervisors consume?
Each correct answer represents a complete solution. Choose two.
Bare-metal cores
Virtual RAM
Virtual CPUs
RAID
Virtual Storage
Virtual RAM
Virtual Storage
A hypervisor virtualizes RAM and storage; the VMs operating on the hypervisor will access these pools.
A hypervisor will not consume bare-metal cores, virtual CPUs, or RAID.
Martha has configured a storage infrastructure where the file server sitting on an Ethernet-based LAN hosts shared directories, and files are sent over the network rather than blocks of data. What type of storage configuration is this?
Direct-attached storage
Network-attached storage
Storage area networks
Object-based storage
Network-attached storage
The reference design for a database server recommends using a durable block storage option that is durable, offers high utilization rates, and also supports striping that allows a parity bit to be used to reconstruct a volume if a single SSD fails in the array. Which storage type stripes file data and performs a parity check of data over multiple disks that can recover from a single hard disk failure?
RAID 0
RAID 1
RAID 3
RAID 5
RAID 5
Which of the following infrastructure services addresses the issues found when cloud workloads and connections increase to the point where a single server can no longer handle the workload or performance requirements of web, DNS, and FTP servers; firewalls; and other network services?
Load balancing
Certificate services
Dynamic host configuration protocol
Domain name service
Load balancing
Janine is in the process of implementing a hybrid cloud model that connects her company's private cloud to a public cloud that supports on-demand web hosting. To ease the management of the remote resources for her network operations center, she wants to implement LDAP in the remote cloud services to interconnect with her locally hosted Active Directory servers. What type of system is she deploying?
Token-based 2FA
SSO
RSA
Nondiscretionary
SSO
**Which of the following is an IP-based storage networking standard for linking data storage facilities?
iSCSI
DHCP
DAS
NAT
iSCSI
Internet Small Computer System Interface (iSCSI) is an IP-based storage networking standard for linking data storage facilities. It is used to facilitate data transfers over intranets and to manage storage over long distances by carrying SCSI commands over IP networks.
A server technician has been given a task to select the appropriate RAID level that can recover lost data if the server's hard drive crashes. Which of the following RAID levels can fulfill this demand?
Each correct answer represents a complete solution. Choose all that apply.
RAID 0
RAID 1
RAID 5
RAID 10
RAID 1
RAID 5
RAID 10
**Harold will modify an NACL to modify remote access to a cloud-based HR application. He will be submitting a detailed plan that outlines all details of the planned change. What process is he following?
Cloud automation
Change advisory
Change management
Rollout
Change management
Change management includes recording the change, planning for the change, testing the documentation, getting approvals, evaluating and validating, writing instructions for backing out the change if needed, and doing post-change review if desired.
Which of the following protocols are used for messaging?
Each correct answer represents a complete solution. Choose all that apply.
telnet
POP3
SMTP
IMAP4
POP3
SMTP
IMAP4
**Maria, a cloud engineer, is working in an organization whose online wealth application resides in a community cloud environment. She notices that during peak times, users are unable to access their online wealth management applications in a timely fashion. What should she do first to resolve the issue?
Access the cloud services portal and ensure there is adequate disk space available.
Access the cloud services portal and ensure all users are accessing it through the same web service.
Access the cloud services portal and ensure memory ballooning is enabled.
Access the cloud services portal and ensure the ACLs are set correctly for the user community.
Access the cloud services portal and ensure memory ballooning is enabled.
- Memory ballooning is a hypervisor function that allows the hypervisor to reclaim unused memory from a VM running on top of the hypervisor and allocate that memory for other uses. It is a memory management feature used in most virtualization platforms that allows a host system to artificially enlarge its pool of memory by taking advantage of or reclaiming unused memory previously allocated to various virtual machines.
Which of the following regulatory requirements concerns a business's nonfinancial reporting controls for the availability, confidentiality, privacy, processing integrity, and security of a system?
SOC 1
SOC 2
SOC 3
ISO 27001
SOC 2
The Service Organization Controls 2 (SOC 2) report concerns a business's nonfinancial reporting controls for the availability, confidentiality, privacy, processing integrity, and security of a system.
**As a security administrator of an enterprise data center, you need to check the operating systems that are being used in the company. You find one of the operating systems originally loads with unneeded services such as printing, various networking services such as DHCP, and an FTP server enabled. These services might expose the operating system to potential malicious activity. What will you do to harden the operating system?
Remove the services that are not in use.
Disable the services that are not in use.
Install antivirus.
Implement host-based firewall security.
Disable the services that are not in use
If an operating system originally loads with unneeded services such as printing, various networking services such as DHCP, and a web or FTP server enabled, they should be disabled so there is no longer any exposure for attacks on those entry points.
Jarleen is a consultant tasked with migrating Health Med Records Inc. customer records to a cloud-based service offering a long-term archival system. Which U.S. compliance mandate must her company align with?
SOC 3
HIPAA
MPAA
ISA 2701
HIPAA
Cathy is preparing her company's migration plan from a private to a hybrid cloud. She wants to outline firewall and DDoS requirements. What document should she create?
DIACAP
Security policy
Service level agreement
SOC 2
Security policy
Allison is working on her company's new e-commerce rollout at a large public cloud provider. She wants to secure all web traffic between the client and her site when a user proceeds to checkout and places orders. What security protocol would she be implementing?
MD5
SSL/TLS
IPsec
VPN
SSL/TLS
You are a web server administrator of your company. You want to authenticate the end user for all the applications the user has been given rights to and eliminate further prompts when the user switches applications during the same session. Which approach of access control should you use?
Multifactor authentication
Single sign-on
Role-based access control
Mandatory access control
Single sign-on
Which of the following low-level security methods does the cloud provider use on their storage area network and storage head-end controllers? Each correct answer represents a complete solution. Choose two.
ACL
VSAN
PKI
LUN Masking
VSAN
LUN Masking
Virtual storage area network (VSAN) is implemented at the SAN level and LUN masking is configured on storage controllers, and they are low-level storage access methods.
**Harry is the cloud administrator for a company that stores object-based data in a public cloud. Because of regulatory restrictions on user access to sensitive security data, what type of access control would you suggest he implement to meet his company's security policies?
Discretionary
Mandatory
RBAC
Nondiscretionary
Mandatory
The mandatory access control approach is often found in high-security environments where access to sensitive data needs to be highly controlled. Using the mandatory access control approach, a user will authenticate, or log into, a system. Based on the user's identity and security levels of the individual, access rights will be determined by comparing that data against the security properties of the system being accessed.
**Brad has been tasked with encrypting data in flight into his e-commerce presence in a community cloud. He is investigating a standards-based secure solution that web customers can easily implement to ensure secure transactions. What is a good solution that you would recommend to Brad?
ARP
3DES
SSL
IPSec
SSL
Secure sockets layer (SSL) makes up a protocol group that operates on top of TCP to provide an encrypted session between the client and the server. It is commonly seen on websites implemented as the Hypertext Transfer Protocol Secure (HTTPS) protocol.
What is the National Institute of Standards and Technology publication that coordinates the requirements and standards for cryptography modules?
FISMA
FedRAMP
FIPS 140-2
PCI-DSS
FIPS 140-2
**What is a report for the public disclosure of financial controls and security reporting that does not contain sensitive and technical information called?
SOC 1
SOC 2
SOC 3
FISMA
SOC 3
The SOC 3 report is for the public disclosure of financial controls and security reporting. Since the SOC 2 report can contain sensitive and technical information, the SOC 3 report was created to offer a diluted, marketing-oriented, or nontechnical summary of the SOC 2 report.
To secure a data center interconnect between your company's Sydney and Berlin regions, you are being asked what a common solution is that allows interoperability between the various vendors' firewalls and routers in each region. What is a good solution for securing interconnects over the Internet and between dissimilar hardware and software security devices?
AES
SOC-3
IPSec
RC5
IPSec
IPsec implementations are found in routers and firewalls with VPN services to provide a secure connection over an insecure network such as the Internet and are standards based to allow for interoperability.
Which U.S. federal government policy and standard would you focus on to help secure information systems (computers and networks)?
FedRAMP
RMF
FISMA
Section 405.13 for DoD rule A286
RMF
**James has allowed access to a development server for certain hours of the day, granting another user complete control over a server fleet or storage system for administrative purposes. What type of access control is this?
Discretionary Access Control
Nondiscretionary Access Control
Mandatory Access Control
Role-Based Access Control
Nondiscretionary Access Control
The given scenario is an example of nondiscretionary access. Nondiscretionary access control defines a set of rules to allow or deny access to an object, system, or service in the cloud. It is a method of access control that allows the objects to be accessed based on rules, privileges, and roles that define access.
Fluentes is a security consultant for a day trading company that must implement strong encryption of data at rest for their cloud storage tiers. What is the best option that meets most security regulations for the encryption of stored data?
3DES
RSA
AES-256
Rivest Cipher 5
AES-256
**Which of the following types of deployment is referred to as a multi-availability zone architecture?
Storage segmentation
Cloud segmentation
Computing segmentation
Multifactor segmentation
Cloud segmentation
Cloud segmentation is the process of dividing your cloud deployment into sections to allow for granular security policies to be applied. It is referred to as a multi-availability zone architecture.
Who is responsible for all regulatory and security compliance requirements for a cloud deployment when implementing operations in the cloud?
Cloud provider
Cloud customer
Third-party agency
Service provider
Cloud customer
When implementing your operations in the cloud, the cloud customer is responsible for all regulatory and security compliance requirements for his cloud deployment.
Randy is developing a new application that will be deployed in an IaaS-based public cloud. He builds a test image and deploys a test VM in his private cloud's development zone. When he restarts one of the Linux-based servers, he notices that his storage volume data is missing. What type of storage did he implement?
Durable
RAID
Ephemeral
Nondurable
Block
Object
Ephemeral
Nondurable
Bill is a security engineer at your firm and is involved in a multifactor authentication project. What options do you suggest he offer to his user base to access their login tokens?
Each correct answer represents a complete solution. Choose all that apply.
Python app
Smartphone app
Automation systems
Keyfob
Cloud vendor management dashboard
Smartphone app
Keyfob
One-time numerical tokens are generated on keyfob hardware devices or smartphone soft-token software applications.
Which of the following automation tools is a defined means to programmatically access, control, and configure a device between different and discrete software components?
Application Programming Interface
Vendor-Based Solution
Command Line
Web Graphical User Interface
Application Programming Interface
Louis is a DevOps engineer and is exploring the different options available to him to automate VM troubleshooting in a private cloud. What are common interfaces that you would suggest he investigate?
Each correct answer represents a complete solution. Choose three.
GUI
SNMP
API
PaaS
CLI
GUI
API
CLI
Application programming interfaces, command-line interfaces, and GUI-based interfaces are all commonly used tools to migrate, monitor, manage, and troubleshoot cloud-based resources.
What technology has been instrumental in the growth of on-demand cloud services?
XML
Python
Automation
Authentication
Automation
Hank is researching the methods that his network operations center can use to access the Berlin hosted servers operating in a hybrid cloud configuration. Which of the following are not viable methods? Each correct answer represents a complete solution. Choose all that apply.
RDP
Telnet
IDS/IPS
DNS
SSH
IDS/IPS
DNS
When installing a new virtualized intrusion prevention system that is designed for cloud-based network micro-segmentation deployments, the management application requires you to download a Java configuration utility. What kind of automation system is this?
CLI
GUI
Vendor based
API
RESTful
Vendor based
A company wants to ensure that their cloud infrastructure is secure but fully available. They want to be alerted in the event of a security breach, but choose a response for each alert. Which of the following solutions would meet these requirements?
DMZ
WPAN
HTTP
IDS
IDS
**A public cloud provider recently updated one of its services to provide a new type of application load balancer. The cloud administrator is tasked with building out a proof-of-concept using this new service type. The administrator sets out to update the scripts and notices the cloud provider does not list the load balancer as an available option type for deploying this service. Which of the following is the most likely reason?
The administrator can deploy the new load balancer via the cloud provider's web console.
The administrator is not using the correct cloud provider account.
The administrator needs to update the version of the CLI tool.
The administrator needs to write a new script function to call this service.
The administrator needs to update the version of the CLI tool.
A command-line interface is a text-based interface tool used to configure, manage, and troubleshoot devices. It allows devices to be automated through configuration scripts. Users who become familiar with the CLI of a device are proficient in extracting detailed and specific data and effective configurations much more quickly than is possible when using a web browser.
James, a network administrator, is implementing a private cloud that will be used as a test environment. To limit the number of guests per subnet to a maximum of 14, he implemented a /20 network. Which of the following should he use to assign the networks?
NAT
DNS
DHCP
IPSec
DHCP
James, a cloud architect, created a new delivery controller for a large VM farm to scale up according to organizational needs. The old and new delivery controllers now form a cluster. However, the new delivery controller returns an error when entering the license code. Which of the following is the most likely cause?
Telnet
SSL
DHCP
Firewall
firewall
A company security policy mandates education and training for new employees. The policy must include controls that attempt to get the system back to normal after any damage caused by an incident. Given these requirements, which of the following security controls is best suited?
Corrective
Detective
Preventive
Physical
Corrective
**In an IaaS environment, the security team issues a new signature file to prevent specific malware threats from infiltrating the company network. Which of the following describes where the security team should deploy the updated signatures?
DMZ
SSH
WAF
IDS
WAF
A web application firewall (WAF) is a firewall that is deployed to secure an organization's web applications and other application-based infrastructure from attackers. It monitors, filters or blocks data packets as they travel to and from a Web application. It can be either network-based, host-based or cloud-based and is often deployed through a proxy and placed in front of one or more Web applications.
Which of the following is a piece of software that is intended to update an application, operating system, or any other software-based system to fix or improve its operations?
Rollout
Patch
Hotfix
Version Update
Patch
What are common automation systems that are used for patch management?
Each correct answer represents a complete solution. Choose three.
Chef
Cloud-patch
Ansible
DevOps
Puppet
Cloud deploy
Chef
Ansible
Puppet
You have designed a web architecture that allows you to have an exact copy of your production fleet that can be brought online to replace your existing deployment for patching and maintenance. What type of model did you implement?
Cluster
DevOps
Blue-green
Rolling
Blue-green
Pete is troubleshooting a SQL database hosted in a public cloud using the IaaS service model. The database vendor has identified a bug in the table merge feature and is requesting that he install a software change that is designed for rapid deployment that corrects a specific and critical issue. What type of fix is this?
Hotfix
Patch
Version Update
Rollout
Hotfix
Cheryl is preparing to perform a major upgrade on a critical virtual machine. She wants to have a back-out plan if the upgrade validation fails. What virtual machine backup method creates a file-based image of the current state of a VM including the complete operating system and all applications that are stored on it that she can use to restore the VM if the testing of the upgrade fails?
Full backup
Snapshot
Clone
Replicate
snapshot
Ann has created a master image of a web server that she plans to use for adding new servers for her horizontally scaled e-commerce site. What VM backup method can be used to create an image to be used as a template to create additional systems?
Full backup
Snapshot
Clone
Replicate
Clone
**Which of the following creates an identical copy of the data that may be a storage volume, a filesystem, or the logical unit number (LUN) on a storage area network (SAN)?
Full backup
Cloning
Snapshot
replicate
Cloning
Cloning creates an identical copy of the data that may be a storage volume, a filesystem, or the logical unit number (LUN) on a storage area network (SAN).
**Physical resources are virtualized and presented as resources to virtual machines running on hypervisors. What common resources does the hypervisor consume?
Each correct answer represents a complete solution. Choose two
Bare-metal cores
Virtual RAM
Virtual CPUs
RAID
Virtual Storage
Virtual RAM
Virtual Storage
A new application patch is being validated prior to release to the public. The developers have a release candidate, and the DevOps manager is requesting a report that shows the pass/fail data to verify that the fix does, in fact, resolve the problem. What process is he verifying?
Rollout
Orchestration
Automation
QA
QA
**Jill is performing a Tuesday night backup of a Tier 2 storage volume that she has already completed a full backup of on Sunday night. She only wants to back up files based on changes of the source data since the last backup. What type of backup is she performing?
Full
Differential
Incremental
Online
Incremental
Incremental backups are operations based on changes of the source data since the last incremental backup was performed.
To meet regulatory requirements, your company must provide geographical separation between active and backup data of certain medical records your company collects and processes in Germany. The requirements stipulate that the data cannot leave the country and must be in two or more data centers. As the cloud professional for your company, what recommendations would you offer to meet these requirements?
Remote
Full
Local
Incremental
Remote
Jennifer, a cloud administrator, is provisioning five VMs, each with a minimum of 8GB of RAM and a varying load throughout the day. The hypervisor has only 32GB of RAM. Which of the following features should the administrator use?
Business continuity
Asynchronous replication
Process scheduling
Synchronous replication
Process scheduling
Which deployment system offers a structured process for a series of actions that should be taken in order to complete a process?
NTP
API
Workflow
Orchestration
Workflow
Marlene is updating her horizontally scaled Internet-facing web servers to remediate a critical bug. Her manager has agreed to operate under reduced computing capacity during the process but stipulates that there can be no downtime during the process. What upgrade approach should Marlene perform to meet these requirements?
Orchestration
Rolling
Hotfix
Blue-green
Rolling
What are tightly coupled computers that allow for software patching without incurring downtime called?
Blue-green
Hotfix
Runbook
cluster
cluster
Which of the following is the process of replicating data in real time from the primary storage system to a remote facility?
Synchronous
Asynchronous
Site mirroring
RTO
Synchronous
Sharon has been directed to put together a disaster recovery plan based on directives from her company's executive management team. The company's core business is operating an e-commerce website selling winter apparel with 85 percent of its revenue received during the holiday season. If there was a prolonged outage, it would put the company's ability to continue as a financially viable operation in peril. Sharon has been instructed to create a plan that will restore operations in the shortest amount of time possible. Which disaster recovery model should she implement?
Hot site
Warm site
Alternate site
Cold site
hot site
**Which of the following disaster recovery sites doesn't have any resources or equipment except for elevated floors and air conditioning?
Hot site
Warm site
alternative site
cold site
cold site
Data replication is often used to store copies of real-time data in remote zones. When there is a need to have the master data immediately updated and then, on the back end, update the remote zones, what type of replication would you recommend configuring?
Synchronous
Asynchronous
Site mirroring
RTO
Asynchronous
**During a disaster recovery switchover, which network services may need to be modified as part of a multisite failover to the backup site?
Each correct answer represents a complete solution. Choose all that apply.
DNS
DHCP
SSH
FTP
IPSec
DNS
DHCP
FTP
The network disaster recovery services that need to be addressed are Domain Name Services (DNS), Dynamic Host Configuration Protocol (DHCP), File Transfer Protocol (FTP), Active Directory, Remote Authentication Dial-In User Service (RADIUS), and Terminal Access Controller Access-Control System (TACACS). These services are well suited for a multisite deployment that offers failover in case of an outage.
Mark has been reviewing disaster recovery planning, and after receiving direction from his company's board of directors, it has been determined that they can only withstand a maximum of 36 hours of downtime. Mark is updating his DR plan with this new metric. What part of the plan should he modify?
SLA
RPO
RTO
MTTR
RTO
James has been directed by his employer's finance department that they cannot afford to lose any more than 30 minutes of data in the case of a database failure or other catastrophic event. James has updated his corporate business continuity plan and has had his cloud provider update its SLA. What was the metric that was changed?
SLA
RTO
RPO
MTTR
RPO
Which of the following is a hierarchical scheme of databases that map computer names to their associated IP addresses?
NAT
DHCP
DNS
IPSec
DNS
To meet regulatory requirements, a medical records company is required to store customer transaction records for seven years. The records will most likely never be accessed after the second year and can be stored offline to reduce expenses. What type of storage should they implement to achieve the goal?
File transfer
Archive
Replication
Data store
Archive
Larken is reviewing the SLA and statement of responsibility with their community cloud provider PaaS. Who does the responsibility for stored data integrity in the cloud belong to?
Cloud provider
Compliance agency
Cloud customer
Shared responsibility
cloud customer
To increase TipoftheHat.com's security posture, Alice is reviewing user accounts that access the community cloud resources. Alice notices that the summer interns have left to go back to school, but their accounts are still active. She knows they will return over the winter break. What would you suggest Alice do with these accounts?
Do nothing
Delete the accounts
Disable the accounts
Change the resource access definitions
Modify the confederation settings
Change the access control
Disable accounts
What is SLA?
Each correct answer represents a complete solution. Choose all that apply.
A business continuity plan
A document that defines all levels of service that the provider is promising to provide to the customer
A binding contract, defining the service promised, that a customer can use for litigations whenever those promises are constantly missed
A contract that defines how various IT groups within a company plan to deliver a service or set of services
A document that defines all levels of service that the provider is promising to provide to the customer
A binding contract, defining the service promised, that a customer can use for litigations whenever those promises are constantly missed
Pierre is deploying a solution that allows data for his e-commerce operations hosted in a public cloud to be reached at remote locations worldwide with local points of presence. He wants to reduce the load on his web servers and reduce the network latency of geographically distant customers. What are these facilities called?
Region
Edge location
Availability zone
Replication
Edge location
Jillian is a Cloud+ consultant for an auto parts company based in central Michigan. She is putting together a disaster recovery plan that includes a remote backup site that has a SQL server instance running at that location with a synchronously refreshed data replica. Her plan calls for activating all other services in the event of a hurricane causing an outage at her primary data center. What model is Jillian going to deploy to meet the requirements?
hot site
Warm site
Cold site
Active/passive
warm site
Leonard is creating disaster recovery documents for his company's online operations. He is documenting metrics for a measurable SLA that outlines when you can expect operations to be back online and how much data loss can be tolerated when recovering from an outage. Which metrics is he documenting?
Each correct answer represents a part of the solution. Choose all that apply.
RSO
RTO
RPO
DR
VxRestore
RTO
RPO
**Which of the following enables consumers to rent fully configured systems that are set up for specific purposes?
DaaS
PaaS
SAN
CaaS
PaaS
PaaS is a cloud computing service that enables consumers to rent fully configured systems that are set up for specific purposes. It provides a platform allowing customers to develop, run, and manage applications without the complexity of building and maintaining the infrastructure typically associated with developing and launching an application.
Samantha has been monitoring her cloud web server dashboard and notices that the CPU utilization on her company's database servers has been consistently at more than 80 percent utilization. She checked her baselines and reported that 57 percent utilization is normal. What is she noticing?
MTTR
Variance
Trigger
Elasticity
Variance
Allison is preparing to modify a network access control list and add three firewall rules to her private cloud HR systems. She is planning on submitting a detailed plan to accomplish these tasks. Which process is Allison following?
MTSR
Patch management
Change management
Trigger
Change Management
An organization's IT department wants to know what its normal day-to-day web hit count is so it can plan for the upcoming holiday selling season. Jim's job is to measure the incoming web requests and graph them against delay and missed connection counts. What type of data set is Jim producing?
Baseline
SOC 2
Benchmarking
SLA
Baseline
Peter has been tasked to develop a cross-cloud provider migration plan as part of his company's business continuity plan. As he assesses the feasibility of migrating applications from one public cloud provider to another, what does he find is the service model that has the most lock-ins and is the most complex to migrate?
IaaS
PaaS
CaaS
SaaS
SaaS
Matt is preparing for an upcoming promotion his company is offering during a major soccer game. He needs to determine his options to add capacity to his company's web server farm so it can handle the anticipated additional workload. You are brought in to consult with him on his options. What do you recommend as possible solutions?
Each correct answer represents a complete solution. Choose all that apply.
vertical scaling
horizontal scaling
variance
cloud bursting
trigger
vertical scaling
horizontal scaling
cloud bursting
Which of the following is the ability to automatically and dynamically add additional resources such as storage, CPUs, memory, and servers in the cloud?
Autoscaling
Variance
Elasticity
Trigger
Elasticity
Which of the following is referred to as the measurement of the difference between the current reading and the baseline value?
Baseline
Metric
Smoothing
Variance
Variance
**Cloud capacity can be measured by comparing current usage to what?
Orchestration
Automation
NTP
Baseline
APIs
Baseline
What type of cloud data set measures object metrics to determine normal operations?
Metric
Variance
baseline
smoothing
baseline
**Which of the following statements are true of cloud bursting?
Each correct answer represents a part of the solution. Choose all that apply.
It does not require compatibility between the designated public cloud platform and the private cloud.
It is recommended for non-critical applications that handle non-sensitive information.
It is an application deployment model in a hybrid cloud setup.
It is used to move out applications to the public cloud to free up local resources to run business applications.
It is recommended for non-critical applications that handle non-sensitive information.
It is an application deployment model in a hybrid cloud setup.
It is used to move out applications to the public cloud to free up local resources to run business applications.
Which of the following is the means by which a person's electronic identity and attributes are linked across multiple distinct identity management systems?
Public key infrastructure
Federation
Obfuscation
Multifactor authentication
federation
Janice manages the MySQL database back end that runs on a multi-CPU instance that has reached 100 percent utilization. The database can run on only a single server. What options does she have to support the requirements of this database?
horizontal scaling
Vertical scaling
Pooling
Bursting
Vertical scaling
Eva is the network architect for her company's large cloud deployment; she has interconnected her private cloud to a community cloud in another province. She is investigating using the community cloud to supplement her private cloud workload during end-of-month processing. What operation is she going to perform?
elasticity
Bursting
Vertical scaling
Auto-scaling
bursting
Carl is planning for a large advertising campaign his company will unveil. He is concerned that his current e-commerce server farm hosted in a public cloud will be overwhelmed and suffer performance problems. He is researching options to dynamically add capacity to the web server farm to handle the anticipated additional workload. You are brought in to consult with him on his options. What can you recommend as possible solutions?
Each correct answer represents a complete solution. Choose three.
vertical scaling
horizontal scaling
edge cache
Cloud bursting
Core elasticity
vertical scaling
horizontal scaling
cloud bursting
As a Cloud+ certified professional, you have been asked to review your company's hybrid servers to ensure they are properly hardened from a malicious attack. You review the servers' active user accounts and see that there are accounts that belong to consultants who review your operations once each year. They are not scheduled to return for 10 more months. What should you do with these accounts?
Do nothing
Delete the accounts
Disable the accounts
Change the resource access definitions
Modify the confederation settings
Change the access control
disable accounts
After upgrading an accounting application in your IaaS fleet of servers, you notice that the newly installed features in the upgrade dramatically increase the local processing requirements for the servers. What virtual resource can be increased to account for the new application's added requirements?
DMA
BIOS
IPSec
CPU
I/O
cpu
Matts is preparing a change management plan to add CPU capacity to a busy database server used by his order entry department. What type of scaling involves replacing an existing server with another that has more capabilities?
Horizontal
Round robin
Elasticity
Auto-scale
vertical
vertical
**Jennifer plans to modify a firewall access control list to allow RDP connections from a new remote office into her private cloud data center. She is creating a document that details all the steps required to implement the new rule set. What process is she following?
Cloud automation
Change advisory
Change management
Rollout
Change management
Which of the following is an application deployment model in which an application runs in a private cloud or data center and moves into a public cloud when the demand for computing capacity spikes?
Cloud bursting
Cloud automation
Multitenancy
Resiliency
Cloud bursting
Which of the following is a composition of two or more clouds that are unique entities but are bound together and provide the benefits of multiple deployment models?
Hybrid
Public
Private
Community
hybrid
What type of scaling includes adding additional servers to an existing pool?
Horizontal
Round robin
Elasticity
Auto-scale
Vertical
Horizontal
What is the term associated with using a second cloud to accommodate peak loads?
Elasticity
Vertical-scaling
Auto-scaling
bursting
bursting
The ability to dynamically add virtual machine compute resources on demand such as storage, CPUs, and memory is referred to as what?
Bursting
Pooling
Elasticity
Orchestration
Elasticity
A MySQL database backend application operates on a multi-CPU instance that is nearing 100 percent utilization. However, the database can run on only a single server. What options are available to support the requirements of this database?
Horizontal scaling
Vertical scaling
Pooling
Bursting
Vertical scaling
The DevOps team is requesting read/write access to a storage bucket in the public cloud that is located in a backup region. What kind of services are they requesting?
Authorization
Authentication
Federation
SSO
Authorization
Donald has been tasked by the IT security group in his company to prevent dictionary login attacks to the company's VMs running in a private cloud at a remote data center. You have been brought in to offer him advice to deter the random but steady login attacks. What would you recommend be enabled to help prevent this type of cyber-attack?
Autoscaling
Variance
Lockout
Trigger
Lockout
Cloud bursting can alleviate which of the following attacks?
Brute force
XSS
Buffer overflow
DDoS
DDoS
**A cloud architect is tasked with isolating traffic between subnets in an IaaS platform. The networks should be able to statefully communicate with each other. Given this scenario, which of the following should the architect implement?
Configure HIPS policies.
Configure IDS policies.
Configure security groups.
Configure a network ACL.
Configure security groups.
A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. When you launch an instance in a virtual private cloud, you can assign up to five security groups to the instance. Security groups act at the instance level, not the subnet level. Therefore, each instance in a subnet in the virtual private cloud can be assigned to a different set of security groups.
**A manufacturing company's current security policy mandates PII is not stored in the SaaS solution. Which of the following configuration controls should be used to block sensitive information from being stored in the SaaS solution?
Implement a HBA.
Implement a VPN.
Implement a network ACL.
Implement content filtering.
Implement a network ACL.
A network access control list (ACL) is an optional layer of security for your virtual private cloud that acts as a firewall for controlling traffic in and out of one or more subnets. It contains a numbered list of rules that are evaluated in order, starting with the lowest numbered rule, to determine whether traffic is allowed in or out of any subnet associated with the network ACL.
When monitoring performance metrics on one of your servers, you notice that the server is utilizing 100 percent of the network bandwidth available to it. What modification could you make to the server that will most likely address the problem?
Add memory to the system
Install a second network adapter
Update the network adapter's firmware
Install a second processor
Install a second network adapter
Which of the following is the process of upgrading or replacing a server with one that has greater capabilities?
Horizontal scaling
Elasticity
Autoscaling
vertical scaling
vertical scaling
Which of the following is the variable delay between packets from source to destination?
Latency
Packet loss
QoS
Jitter
Jitter
Jitter is the variable delay between packets from source to destination. Excessive jitter causes buffering and unpredictable performance for real-time traffic such as voice and video.
Which of the following is the process of adding cloud capacity by expanding your current server fleet by adding systems?
Horizontal scaling
Elasticity
Autoscaling
Vertical scaling
Horizontal scaling
Jennifer is writing a change management plan to increase the processing abilities of one of her middleware servers. Which of the following components can she upgrade to increase server performance?
Each correct answer represents a complete solution. Choose all that apply.
CPU
SLA
RAM
Network I/O
DNS
CPU
RAM
Network I/O
Cloud-based reports can be generated in which formats?
Each correct answer represents a complete solution. Choose all that apply.
PDF
JSON
Excel
GUI
CLI
PDF
Excel
Which of the following outlines specific metrics and the minimum performance or availability level and outlines the penalties for failing to meet the metrics?
QoS
RDP
SLA
VPC
SLA
Which of the following are examples of vertical scaling?
Each correct answer represents a complete solution. Choose all that apply.
Adding memory to host
Adding more disks
Increasing number of servers
Adding more CPU cores
Adding memory to host
Adding more disks
Adding more CPU cores
Capacity and utilization reporting often contains data on which of the following objects?
Each correct answer represents a complete solution. Choose three.
CPU
OS Version
Volume tier
RAM
Network
CPU
RAM
Network
Niko is generating baseline reports for her quarterly review meeting. She is interested in a public cloud application server's memory utilization. Where does she generate these reports?
Hypervisor
Databases
Logging servers
Cloud management and monitoring application
Cloud management and monitoring application
A cloud infrastructure function that can grow and shrink to meet peak demand requirements quickly is known as:
Autoscaling
Variance
Elasticity
Trigger
Elasticity
Upgrading to a newer operating system may require that you update what?
SOC 2
Baseline
Benchmarking
SLA
Baseline
The network operations center has implemented object tracking on their monitoring application. What information can this give them?
Each correct answer represents a complete solution. Choose three.
Resiliency
Trends
Metrics
ACLs
Peak usage
Anomalies
Peak usage
Anomalies
Trends
**David, a cloud administrator, has finished building a virtual server template in a public cloud environment. He is now cloning six servers from that template. Each server is configured with one private IP address and one public IP address. After starting the server instances, he notices that two of the servers do not have a public IP address. Which of the following is the most likely cause?
The maximum number of public IP addresses has already been reached.
The two servers are not attached to the correct public subnet.
The two servers do not have enough virtual network adapters attached.
There is no Internet gateway configured in the cloud environment.
The two servers do not have enough virtual network adapters attached.
A virtual network adapter is a program (instead of a physical network adapter) that allows a computer to connect to a network. A virtual network adapter can also be used to connect all the computers on a local area network (LAN) to a larger network such as the Internet or a collection of LANs. A virtual network adapter is the logical or software instance of a physical network adapter that allows a physical computer, virtual machine or other computer to simultaneously connect to a network or the Internet. A virtual network adapter works like a typical network standard designed for various networking environments, applications and services.
A business is planning to migrate from a private cloud to a public cloud. To document business continuity, which of the following should be done first?
Develop a disaster recovery plan with partners/third parties.
Identify HA technology to provide failover.
Define the set of application-based SLAs.
Define the scope of requirements.
Define the set of application-based SLAs.
What are the common cloud resources in a deployment that may saturate over time?
Each correct answer represents a complete solution. Choose all that apply.
RAM
CPU
Monitoring
Storage
RAM
CPU
Storage
Jeff has been monitoring resource usage increases in his web server farm. Based on trending data he has collected, there will be regular requirements to increase CPU capacity for his web servers as usage increases. Jeff wants to use the automation capabilities of his private cloud to automatically use the orchestration software to add CPU cores as required. What can he implement to automate this?
Elasticity
Variance
Autoscaling
Trigger
Autoscaling
Which of the following tracks a process and sequences the applications that are required to complete the process?
API
Runbook
Workflow
Orchestration
Workflow
What are the recommended procedures to take when preparing an outage response plan?
Each correct answer represents a complete solution. Choose three.
Configuration backups
SLA
Documentation
Diagrams
DHCP
Configuration backups
Documentation
Diagrams
Which of the following determines the size of an IP network and divides the IP address into network and node portions?
Default gateway
Firewall
VPN
Subnet mask
Subnet mask
In an organization, during a recent downtime window, the server team was applying patches to an application, and the networking team was upgrading a router's interface to 10 Gbps. When the network was down for the upgrade, the server team complained that they could not download the needed software patches. Which process should be modified to prevent this from happening in the future?
Orchestration
Patch management
Change management
API
Change management
Cloud capacity can be measured by comparing current usage to what?
SSL
Baseline
Benchmarking
SLA
Baseline
**Hank designed an application tier for his company's new e-commerce site. He decided on using an IP subnet that uses a /28 IPv4 subnet. He is planning for a maximum of 14 servers. You are brought in as a cloud architect to validate his design. What other devices may be on this subnet other than the servers that would also require IP address assignments?
Each correct answer represents a complete solution. Choose all that apply.
DNS
SLA
NTP
DHCP
DNS
NTP
In addition to the web servers, IP addresses may be required for the NTP and DNS services and the default gateway. The domain name system (DNS) is the primary name resolution service on the Internet and private IP networks. It is a hierarchical system of databases that map computer names to their associated IP addresses. The network time protocol (NTP) allows all devices to synchronize to a central clock or time service. It ensures that all devices report the same times to allow for synchronization of logging information.
Which of the following allows cloud objects to synchronize to a central clock or time service?
DNS
NTP
Databases
Middleware
NTP
**You are architecting a new cloud virtual container. There will be a maximum of 11 servers in the subnet that will each require a private IP address. You decide to use a /28 subnet mask for the IPv4 addressing plan. What other devices may be on this subnet other than the servers that would also require that an IP address be assigned to them?
Each correct answer represents a complete solution. Choose three.
Default Gateway
SLA
DNS
NTP
API
SNMP
DNS
NTP
Default Gateway
There has been a large increase in the number of read requests over time on your SQL database. You have been asked to evaluate the baseline variances. What would be the focus of your troubleshooting?
Memory
CPU
Storage
Networking
Storage
**Which of the following automates tasks based upon the specific thresholds or events?
Orchestration
Thin provisioning
Thick provisioning
Authentication
Orchestration
Orchestration is a process that automates tasks based upon specific thresholds or events. Orchestration platforms provide an automated technique for managing the cloud or computing environment. They also help an IT department meet typical business requirements through provisioning, automated workflows, and change management features.
Common cloud resources in your deployment that may saturate over time include which of the following?
Each correct answer represents a complete solution. Choose all that apply.
RAM
CPU
Power
PaaS
RAM
CPU
An organization upgraded a hosted vulnerability scanner to the latest version, and now tickets are not being created to assign critical vulnerabilities. After confirming the ticketing issue, all the scanning services are confirmed to be running on the VM. Which of the following is the most likely cause and the best method to fix the issue?
There was an IP change to the VM. Make changes to the server properties.
The upgrade has a bug. Reboot the server and attempt the upgrade again.
There is an application compatibility issue. Roll back to the previous working backup.
The vulnerability scanner is on a different subnet. Open the ports, and it will reconnect.
There is an application compatibility issue. Roll back to the previous working backup.
After deploying new VMs, the system administrator notices that it is not possible to connect to them using network credentials. After logging in, the administrator notices that the NTP servers are not set. Which of the following is most likely causing this issue?
Directory services requires the use of NTP servers.
The VMs are insufficiently licensed.
There is a time synchronization issue.
There is a directory services outage.
There is a time synchronization issue.
An application for internal-use only, on company-owned assets, would be best described as a private SaaS.
True
A few cloud services that can be consumed are?
- Email accounts
- Websites
- Data storage
Which of the following cloud services would be used to pay for hardware when it is being used for computing, network space, and storage over the Internet?
IaaS
Server virtualization allows the underlying physical server hardware to be shared.
True
Cloud computing is what?
- A kind of Internet-based computing that provides shared processing resources and data to computers and other devices on demand
- A model for enabling ubiquitous, on-demand access to a shared pool of configurable computing resources such as networks, servers, storage, applications and services
A data centre is a facility used to house computer systems and associated components, such as telecommunications and storage systems.
True
Multitenancy allows system resources to be fully utilized before another server is brought online, further reducing the operating costs and data centre cooling that is required along with it.
True
Virtualization software separates physical infrastructures to create various dedicated resources.
True
As stated by the National Institute of Standards and Technology, cloud characteristics include:
- Rapid elasticity
- Broad network accessibility
Being able to create websites and web services quickly is an example of which of the following?
PaaS
PaaS stands for?
Platform as a Service
Indications that your organization may be ready for the cloud are:
- Tied-up capital
- Costly excess capacity
- Running out of capacity
G Suite (formerly known as Google Apps, and different than Google Cloud Platform) is a set of online applications allowing users to create and share documents. This best describes which cloud type?
SaaS
SaaS stands for?
Software as a Service
You access a PaaS cloud by what means?
Web services
Cloud providers and cloud software include:
- Microsoft Azure
- OpenStack
- Amazon Web Services
- Google Cloud Platform
Which of the following are cloud providers or cloud software?
- OpenStack
- Microsoft Azure
- Google Compute Engine
- Amazon Web Services
Indications that your organization may not be ready for the cloud are:
- Your organization owns large data centers that often have enough scale to be as flexible and efficient as cloud computing providers
- Legal and security (compliance) reasons can require an organization to know more details about the location of its data and servers than a cloud computing provider is able to provide
- Predictable and fixed workloads can typically make optimal use of their hardware and do not need scaling
Cloud computing characteristics:
- Managed by the provider
- Managed through self-service on demand
- Network accessible
- Sustainable
IaaS stands for?
Infrastructure as a Service
Some of the important steps in the evolution from virtualization to the cloud are:
- Server virtualization
- Distributed data centers
- Private data centers
- Hybrid data clouds and public clouds
Which of the following organizations is MOST likely to consider confidentiality requirements before implementing a backup and disaster recovery cloud solution?
- Organizations with legal or regulatory constraints
- Government or emergency response
Which of the following characteristics of cloud computing describes the ability to grow easily in response to an increase in demand?
Scalability
When using cloud computing, you will shift _________ cost to _______ cost.
capital cost to variable cost
Cloud computing allows businesses to move away from the need to have _______ capital expenditures related to computer hardware by utilizing the cloud instead.
large
Variable cost business models are focused on:
- Responsiveness
- Removing the need for hardware completely
- Allowing for smaller operating expenses (OPEX) over time, instead of large initial capital expenditures (CAPEX)
- Operating efficiencies that do not work anymore
Cloud scalability means?
- The ability of a particular system to fit a problem as the scope of that problem increases
- The ability of an application to be scaled up to meet demand through replication and distribution of requests across a pool or farm of servers
What makes up the CIA Triad?
- Confidentiality
- Availability
- Integrity
Which of the following is a reason for business users to be interested in cloud computing?
Desire for improved user experience
What consequences does outsourcing IT and cloud computing have in common?
The use of external staffing
Which of the following do IT outsourcing and cloud computing typically have in common?
The possibility for vendor lock-in
What are the three primary scalability levels?
- Server Scalability
- Scaling of the Network
- Scaling of the Platform
Which of the following applies only to public cloud computing as opposed to outsourcing?
Public clouds have no upfront CAPEX costs for hardware
Which of the following is a good case for IT outsourcing, as well as cloud computing?
Improving the overall cost structure
Which consequences do outsourcing IT, as well as cloud computing, have in common?
The use of external staffing
Hardware independence is:
The abstraction of your server OS from the server hardware and then packaging it into virtual machines
Cloud computing greatly reduces your company's ________: on-demand, scalable, and elastic services allow the company to get products out quicker.
Time to market
Cloud computing allows you to use _________ because you only pay based on your usage.
opex
When your organization has a compliance audit, which of the following might be included as part of the audit?
- Assessing what is used as identity management
- Audit of the access control list
Network ___________ is the amount of data that can be sent across a network link within a given time.
bandwidth
When the services and infrastructure are provided off-site, over the Internet:
Software as a Service
Which of the following is a differentiating characteristic of private cloud solutions compared to public cloud solutions?
Private cloud solutions are dedicated for use by a single organization.
What are some of the major differences between a private cloud and a public cloud?
- Private clouds are for use in a single organization
- A public cloud is typically offered over the Internet
When computing services or infrastructure is maintained on the public network:
Public clouds
When computing services or infrastructure is maintained on the private network:
Private clouds
Making use of cloud computing often slows down application development and architectural design.
False. Using cloud computing and making use of services that are distributed and already available for your development teams speeds up the time to market strategy for almost all new development projects.
You can only use virtual servers in private clouds or traditional data centers.
False. All forms of cloud computing make use of virtual servers.
Which terms best describe the following scenario? When the load on your web site goes up, the load balancer adds additional compute web servers to carry the load and then removes these servers when the load goes back down.
- Automation
- Elasticity
Cloud computing is typically based on open Internet technology
True
The three major cloud forms are:
- Public
- Private
- Hybrid
When computing services or infrastructure is maintained on both private and public clouds:
Hybrid clouds
It is important to standardize things such as data formats, virtual machine sizes, etc., because it helps facilitate moving from one cloud provider to another when the need arises.
True
The management requirements of cloud computing become much more complex when you need to manage private, public, and traditional data centers all together. You'll need to add capabilities for federating these environments.
True
It is possible that data can be lost or stolen when migrating to the cloud.
True
Virtual machines can be secured at the VM level by using access control lists and firewalls.
True
A few possible security risks when using the cloud:
- Data loss
- Data exposure
- Shared technology
Web email is considered an early example of cloud adoption
True
Applications that are easy to migrate and have some business value are great options when first piloting or doing a POC for migrating to the cloud.
True
Which of the following steps BEST lead to successful adoption of a cloud service?
Gather stakeholder requirements, select potentially suitable cloud providers, perform a pilot, and then select the most appropriate provider.
It does not matter what portions of your current data center or infrastructure could be a possible security risk when moving that data to the cloud.
False
You should be aware of which portions of your current data center or infrastructure can be a possible security risk when moving that data to the cloud.
True
Some of the ways to mitigate risks when using cloud data integration:
- Understand the application design when moving to the cloud
- Keep the applications, data, and the users as close as possible
CEN stands for:
Cloud-Enabled Networking
Which of the following are ways of managing risk?
- Identify what the organization's assets are
- Identify threats and vulnerabilities
- Address the identified risk
- Monitor risks
Federation is really a form of hybrid cloud technologies
True
Some examples of using hardware standardization are:
- Using the same architecture, such as x86
- Taking advantage of tier-based virtualization cloud technologies
- VM sizes are pre-defined sizes, often known as flavors
Why is there less maintenance effort using SaaS when managing the operating system?
Because the service provider manages the operating system in SaaS
Which of the following must be implemented by a cloud provider to ensure that different entities can authenticate and share basic user account information?
Virtualization
_____________ allows the users/tenants of a cloud to do tasks themselves
Self-Service
A few security benefits in using the cloud are:
- 24/7 staffing and monitoring
- Increased availability and improved disaster recovery through redundancy and multiple locations
When utilizing cloud technologies, one of the biggest benefits is using ________, which allows things to take place in cloud loads without much user intervention.
automation
Some forms of encapsulation being used in VPNs are:
- GRE
- VXLAN
- VLAN
Which of the following is a typical concern for business and IT leaders, when adopting cloud computing?
Security of current IT solutions
Data integration is complex in private data centers and is even more so when it comes to the cloud.
True
Examples of _____ Area Networks are the Internet and VPN tunnels.
Wide
A _____ allows one network from a single geographical data center to communicate securely with a data center in a different locale.
VPN
A ________ cloud, also known as cloud federation, is the deployment and management of multiple external and internal cloud computing services to match business needs. A federation is the union of several smaller parts that perform a common action.
federated
How might an organization successfully implement a SaaS strategy?
By managing the risks that are associated with bringing in external providers
A cloud's network must be _________ and ___________.
resilient and redundant
CBN stands for:
Cloud-Based Networking
Common technologies used to mitigate security concerns are:
- Virtual firewalls
- Virtual private networks
Virtualization technology is not an important skill for IT when adopting an IaaS strategy.
False
ITIL and cloud management is broken down into: Service Strategy, Service Design, and ________
Service Transition
When using the ITIL standard, the first step when a company is considering implementing a cloud network is to
assess what the business needs are
Differing from more technology-oriented IT management approaches like network management and IT systems management, __________ is characterized by adopting a process approach towards management, focusing on customer needs and IT services for customers rather than IT systems, and stressing continual improvement.
IT Service Management (ITSM)
Cloud computing improves business flexibility by...
- providing easier access to users outside of the organization
- rapidly growing and shrinking capacity
- allowing for the faster deployment of applications
The goal of ITSM is to ensure that IT functions efficiently and that its processes are also in alignment with the needs of the business.
True
The _______________ identifies customer requirements and makes sure that the cloud service provider meets the requirements before agreeing to deliver the service
Business Relationship Manager (BRM)
Cloud computing delivers IT capabilities that scale with demand, which is a huge benefit to organizations that want to quickly start out.
True
If you do not already know the processes behind your current IT infrastructure, then making changes such as moving to the cloud can be detrimental.
True
Which of the following questions should be considered before selecting a cloud computing vendor?
What cloud computing product will fit the business needs?
Within cloud environments, the purpose of the Business Relationship Management process is extended to form and uphold the cloud service provider and the customer-business relationship
True
As part of a critical SaaS application, one of the contractual statements by the cloud provider is a requirement to perform scheduled maintenance. This has a direct impact on which of the following?
Service operation
There are no legal risks when moving to the cloud.
False. Moving your data to the cloud creates several legal questions that need to be addressed by your company's legal teams, especially if your company operates internationally.
Which of the following is BEST used when setting up security for services being used within a public cloud?
SSL
Which of the following assets have risks related to a cloud provider going out of business?
- Not using hybrid cloud federations to keep your data synced with multiple providers
- Data stored at the provider
Oftentimes when using third-party management tools for the cloud, there is risk because of the possibility of vendor lock-in.
True
Your company's data could become compromised by
- phishing
- social engineering
- poor physical security
Which of the following is the MOST important service management consequence of elastic capacity?
The need for good performance monitoring and management
The MOST important business continuity risk when selecting cloud service providers is:
The provider going out of business
Which of the following risk results if cloud computing providers limit their Service Level Agreement (SLA) liabilities?
Legal risk
Capital tied up in hardware that might become obsolete over time is one limitation of owning your own servers instead of using the cloud.
True
Cloud-related financial risks can be managed by making sure that cloud assets are generating revenue.
True
A company is using an Internet-based cloud service provided by a third party. Which of the following can the third party NOT guarantee when providing cloud resources?
The cost of the services
Which of the following is NOT a recognized cloud classification model?
QoS
In keeping with organizational goals of a corporation when deploying an application to a cloud services provider, which of the following is NOT a selection criteria for choosing a pilot?
Successful completion
In using a structured approach to explore the potential impact of cloud computing in an organization undergoing the impact and changes that occur during Cloud service adoption, which of the following is an ITIL Service Lifecycle consideration?
Service Operation
Which of the following is the MOST beneficial aspect of public cloud deployment for a startup company?
No upfront capital expenditure
A webmail service hosted by an MSP for which of the following is considered a private cloud?
A single company
Which of the following recognized approaches for managing an organization's technology environment can be applied to cloud computing services?
Information Technology Infrastructure Library (ITIL)
Which of the following is the MOST likely reason for subscribing to PaaS?
Application development
A company's email software vendor charged them $500 a month to use software, licensed for the maximum number of active email addresses. The company switched to a cloud-based email software that charged based on the number of active email addresses each month. The company was billed $100 the first month, $200 the second month, and $100 for the remaining 10 months of the year. After a year, how much money did the company save by switching to cloud computing?
$4,700
Which of the following is the MOST widely used example of cloud computing?
Online email
A military facility is NOT able to fully embrace cloud computing because of which of the following?
High degree of confidentiality and operational assurance
Why does cloud computing shift capital cost to variable cost?
IT assets are not owned by the customer
Twitter is a service that allows users to exchange short text messages. This is an example of:
SaaS
Which of the following does the server virtualization layer do?
It allows the underlying physical server hardware to be shared
A cloud subscriber may come under certain security constraints when hosting sensitive data in the cloud due to government regulations. Which of the following is the BEST mitigating control that could be implemented by the cloud provider?
Offer a single-tenancy software service with segregated virtualized infrastructure.
In order to maintain strategic flexibility and the ability to bring a cloud system back internally, which of the following is the MOST important requirement in the contract?
Cloud subscriber maintains ownership of their data
Which of the following processes should be implemented to validate the application security of the cloud provider's SaaS application?
Periodic penetration testing
Which of the following processes needs to be changed to better handle Change Management in the cloud?
Software distribution
Private clouds are operated solely for _______________ organization(s)
specific
Which of the following is a differentiating characteristic of private cloud solutions compared to public cloud solutions?
Private cloud solutions are dedicated for use by a single organization.
How can the internal IT department successfully react to cloud computing?
By becoming an internal cloud provider
Which of the following is the function of orchestration services?
Manage the starting and stopping of application server clusters
Which of the following is indicated by a high number of variations of different virtual servers?
Lack of automation of virtual machine image manufacturing
Which of the following is the MOST significant difference between SaaS and IaaS?
IaaS can test network configurations.
How does scalability work with cloud computing?
A. Servers and storage can be added quickly.
B. Servers and storage can be released quickly.
C. Users can be added and removed quickly.
D. All of the above is correct.
All of the above is correct.
An application for internal-use only, on company-owned assets, would be best described as a private SaaS.
(CLOUD CHARACTERISTICS)
True
A few cloud services that can be consumed are?
(CLOUD CHARACTERISTICS)
- Email accounts
- Websites
- Data storage
Which of the following cloud services would be used to pay for hardware when it is being used for computing, network space, and storage over the Internet?
(CLOUD CHARACTERISTICS)
IaaS
Server virtualization allows the underlying physical server hardware to be shared.
(CLOUD CHARACTERISTICS)
True
Cloud computing is what?
(CLOUD CHARACTERISTICS)
- A kind of Internet-based computing that provides shared processing resources and data to computers and other devices on demand
- A model for enabling ubiquitous, on-demand access to a shared pool of configurable computing resources such as networks, servers, storage, applications and services
A data centre is a facility used to house computer systems and associated components, such as telecommunications and storage systems.
(CLOUD CHARACTERISTICS)
True
Multitenancy allows system resources to be fully utilized before another server is brought online, further reducing the operating costs and data centre cooling that is required along with it.
(CLOUD CHARACTERISTICS)
True
Virtualization software separates physical infrastructures to create various dedicated resources.
(CLOUD CHARACTERISTICS)
True
As stated by the National Institute of Standards and Technology, cloud characteristics include:
(CLOUD CHARACTERISTICS)
- Rapid elasticity
- Broad network accessibility
Being able to create websites and web services quickly is an example of which of the following?
(CLOUD CHARACTERISTICS)
PaaS
PaaS stands for?
(CLOUD CHARACTERISTICS)
Platform as a Service
Indications that your organization may be ready for the cloud are:
(CLOUD CHARACTERISTICS)
- Tied-up capital
- Costly excess capacity
- Running out of capacity
G Suite (formerly known as Google Apps, and different than Google Cloud Platform) is a set of online applications allowing users to create and share documents. This best describes which cloud type?
(CLOUD CHARACTERISTICS)
SaaS
SaaS stands for?
(CLOUD CHARACTERISTICS)
Software as a Service
You access a PaaS cloud by what means?
(CLOUD CHARACTERISTICS)
Web services
Cloud providers and cloud software include:
(CLOUD CHARACTERISTICS)
- Microsoft Azure
- OpenStack
- Amazon Web Services
- Google Cloud Platform
Which of the following are cloud providers or cloud software?
(CLOUD CHARACTERISTICS)
- OpenStack
- Microsoft Azure
- Google Compute Engine
- Amazon Web Services
Indications that your organization may not be ready for the cloud are:
(CLOUD CHARACTERISTICS)
- Your organization owns large data centers that often have enough scale to be as flexible and efficient as cloud computing providers
- Legal and security (compliance) reasons can require an organization to know more details about the location of its data and servers than a cloud computing provider is able to provide
- Predictable and fixed workloads can typically make optimal use of their hardware and do not need scaling
Cloud computing characteristics:
(CLOUD CHARACTERISTICS)
- Managed by the provider
- Managed through self-service on demand
- Network accessible
- Sustainable
IaaS stands for?
(CLOUD CHARACTERISTICS)
Infrastructure as a Service
Some of the important steps in the evolution from virtualization to the cloud are:
(CLOUD CHARACTERISTICS)
- Server virtualization
- Distributed data centers
- Private data centers
- Hybrid data clouds and public clouds
Which of the following organizations is MOST likely to consider confidentiality requirements before implementing a backup and disaster recovery cloud solution?
(CLOUD CHARACTERISTICS)
- Organizations with legal or regulatory constraints
- Government or emergency response
Which of the following characteristics of cloud computing describes the ability to grow easily in response to an increase in demand?
(CLOUD CHARACTERISTICS)
Scalability
When using cloud computing, you will shift _________ cost to _______ cost.
(BUSINESS VALUE)
capital cost to variable cost
Cloud computing allows businesses to move away from the need to have _______ capital expenditures related to computer hardware by utilizing the cloud instead.
(BUSINESS VALUE)
large
Variable cost business models are focused on:
(BUSINESS VALUE)
- Responsiveness
- Removing the need for hardware completely
- Allowing for smaller operating expenses (OPEX) over time, instead of large initial capital expenditures (CAPEX)
- Operating efficiencies that do not work anymore
Cloud scalability means?
(BUSINESS VALUE)
- The ability of a particular system to fit a problem as the scope of that problem increases
- The ability of an application to be scaled up to meet demand through replication and distribution of requests across a pool or farm of servers
What makes up the CIA Triad?
(BUSINESS VALUE)
- Confidentiality
- Availability
- Integrity
Which of the following is a reason for business users to be interested in cloud computing?
(BUSINESS VALUE)
Desire for improved user experience
What consequences does outsourcing IT and cloud computing have in common?
(BUSINESS VALUE)
The use of external staffing
Which of the following do IT outsourcing and cloud computing typically have in common?
(BUSINESS VALUE)
The possibility for vendor lock-in
What are the three primary scalability levels?
(BUSINESS VALUE)
- Server Scalability
- Scaling of the Network
- Scaling of the Platform
Which of the following applies only to public cloud computing as opposed to outsourcing?
(BUSINESS VALUE)
Public clouds have no upfront CAPEX costs for hardware
Which of the following is a good case for IT outsourcing, as well as cloud computing?
(BUSINESS VALUE)
Improving the overall cost structure
Which consequences do outsourcing IT, as well as cloud computing, have in common?
(BUSINESS VALUE)
The use of external staffing
Hardware independence is:
(BUSINESS VALUE)
The abstraction of your server OS from the server hardware and then packaging it into virtual machines
The following reduces your company's ________: Because cloud computing greatly reduces this, on-demand, scalable, and elastic services allow the company to get products out quicker.
(BUSINESS VALUE)
Time to market
Cloud computing allows for you to use _________ because you only pay based on your usage.
(BUSINESS VALUE)
opex
When your organization has a compliance audit, which of the following might be included as part of the audit?
(BUSINESS VALUE)
- Assessing what is used as identity management
- Audit of the access control list
Network ___________ is the amount of data that can be sent across a network link within a given time.
(TECHNICAL PERSPECTIVES)
bandwidth
When the services and infrastructure are provided off-site, over the Internet:
(TECHNICAL PERSPECTIVES)
Software as a Service
Which of the following is a differentiating characteristic of private cloud solutions compared to public cloud solutions?
(TECHNICAL PERSPECTIVES)
Private cloud solutions are dedicated for use by a single organization.
What are some of the major differences between a private cloud and a public cloud?
(TECHNICAL PERSPECTIVES)
- Private clouds are for use in a single organization
- A public cloud is typically offered over the Internet
When computing services or infrastructure is maintained on the public network:
(TECHNICAL PERSPECTIVES)
Public clouds
When computing services or infrastructure is maintained on the private network:
(TECHNICAL PERSPECTIVES)
Private clouds
Making use of cloud computing often slows down application development and architectural design.
(TECHNICAL PERSPECTIVES)
False. Using cloud computing and making use of services that are distributed and already available for your development teams speeds up the time to market strategy for almost all new development projects.
You can only use virtual servers in private clouds or traditional data centers.
(TECHNICAL PERSPECTIVES)
False. All forms of cloud computing make use of virtual servers.
Which terms best describe the following scenario? When the load on your web site goes up, the load balancer adds additional compute web servers to carry the load and then removes these servers when the load goes back down.
(TECHNICAL PERSPECTIVES)
- Automation
- Elasticity
Cloud computing is typically based on open Internet technology
(TECHNICAL PERSPECTIVES)
True
The three major cloud forms are:
(TECHNICAL PERSPECTIVES)
- Public
- Private
- Hybrid
When computing services or infrastructure is maintained on both private and public clouds:
(TECHNICAL PERSPECTIVES)
Hybrid clouds
It is important to use standardization on things such as data formats, virtual machine sizes, etc. because it helps facilitate moving from one cloud provider to another when the need arises.
(TECHNICAL PERSPECTIVES)
True
The management requirements of cloud computing become much more complex when you need to manage private, public, and traditional data centers all together. You'll need to add capabilities for federating these environments.
(TECHNICAL PERSPECTIVES)
True
It is possible that data can be lost or stolen when migrating to the cloud.
(CLOUD ADOPTION)
True
Virtual machines can be secured at the VM level by using access control lists and firewalls.
(CLOUD ADOPTION)
True
A few possible security risks when using the cloud:
(CLOUD ADOPTION)
- Data loss
- Data exposure
- Shared technology
Web email is considered an early example of cloud adoption
(CLOUD ADOPTION)
True
Applications that are easy to migrate and have some business value are great options when first piloting or doing a POC for migrating to the cloud.
(CLOUD ADOPTION)
True
Which of the following steps BEST lead to successful adoption of a cloud service?
(CLOUD ADOPTION)
Gather stakeholder requirements, select potentially suitable cloud providers, perform a pilot, and then select the most appropriate provider.
It does not matter what portions of your current data center or infrastructure could be a possible security risk when moving that data to the cloud.
(CLOUD ADOPTION)
False
You should be aware of which portions of your current data center or infrastructure can be a possible security risk when moving that data to the cloud.
(CLOUD ADOPTION)
True
Some of the ways to mitigate risks when using cloud data integration:
(CLOUD ADOPTION)
- Understand the application design when moving to the cloud
- Keep the applications, data, and the users as close as possible
CEN stands for:
(CLOUD ADOPTION)
Cloud-Enabled Networking
Which of the following are ways of managing risk management?
(CLOUD ADOPTION)
- Identify what the organization's assets are
- Identify threats and vulnerabilities
- Address the identified risk
- Monitor risks
Federation is really a form of hybrid cloud technologies
(CLOUD ADOPTION)
True
Some examples of using hardware standardization are:
(CLOUD ADOPTION)
- Using the same architecture, such as X86
- Taking advantage of tier-based virtualization cloud technologies
- VM sizes are pre-defined sizes, often known as flavors
Why is there less maintenance effort using SaaS when managing the operating system?
(CLOUD ADOPTION)
Because the service provider manages the operating system in SaaS
Which of the following must be implemented by a cloud provider to ensure that different entities can authenticate and share basic user account information?
(CLOUD ADOPTION)
Virtualization
_____________ allows the users/tenants of a cloud to do tasks themselves
(CLOUD ADOPTION)
Self-Service
A few security benefits in using the cloud are:
(CLOUD ADOPTION)
- 24/7 staffing and monitoring
- Increased availability and improved disaster recovery through redundancy and multiple locations
When utilizing cloud technologies, one of the biggest benefits is using ________, which allows things to take place in cloud loads without much user intervention.
(CLOUD ADOPTION)
automation
Some forms of encapsulation being used in VPNs are:
- GRE
- NAT
- VXLAN
- VLAN
(CLOUD ADOPTION)
- GRE
- VXLAN
- VLAN
Which of the following is a typical concern for business and IT leaders, when adopting cloud computing?
(CLOUD ADOPTION)
Security of current IT solutions
Data integration is complex in private data centers and is even more so when it comes to the cloud.
(CLOUD ADOPTION)
True
Examples of _____ Area Networks are the Internet and VPN tunnels.
(CLOUD ADOPTION)
Wide
A _____ allows one network from a single geographical data center to communicate securely with a data center in a different locale.
(CLOUD ADOPTION)
VPN
A ________ cloud, also known as cloud federation, is the deployment and management of multiple external and internal cloud computing services to match business needs. A federation is the union of several smaller parts that perform a common action.
(CLOUD ADOPTION)
federated
How might an organization successfully implement a SaaS strategy?
(CLOUD ADOPTION)
By managing the risks that are associated with bringing in external providers
A cloud's network must be _________ and ___________.
(CLOUD ADOPTION)
resilient and redundant
CBN stands for:
(CLOUD ADOPTION)
Cloud-Based Networking
Common technologies used to mitigate security concerns are:
(CLOUD ADOPTION)
- Virtual firewalls
- Virtual private networks
Virtualization technology is not an important skill for IT when adopting an IaaS strategy.
(CLOUD IMPACT ON BUSINESS)
False
ITIL and cloud management is broken down into: Service Strategy, Service Design, and ________
(CLOUD IMPACT ON BUSINESS)
Service Transition
When using the ITIL standard the first step when considering when a company needs to implement a cloud network is to
(CLOUD IMPACT ON BUSINESS)
assess what the business needs are
Differing from more technology-oriented IT management approaches like network management and IT systems management, __________ is characterized by adopting a process approach towards management, focusing on customer needs and IT services for customers rather than IT systems, and stressing continual improvement.
(CLOUD IMPACT ON BUSINESS)
IT Service Management (ITSM)
Cloud computing improves business flexibility by...
(CLOUD IMPACT ON BUSINESS)
- providing easier access to users outside of the organization
- rapidly growing and shrinking capacity
- allowing for the faster deployment of applications
The goal of ITSM is to ensure that IT functions efficiently and that its processes are also in alignment with the needs of the business.
(CLOUD IMPACT ON BUSINESS)
True
The _______________ identifies customer requirements and makes sure that the cloud service provider meets the requirements before agreeing to deliver the service
(CLOUD IMPACT ON BUSINESS)
Business Relationship Manager (BRM)
Cloud computing delivers IT capabilities that scale with demand, which is a huge benefit to organizations that want to quickly start out.
(CLOUD IMPACT ON BUSINESS)
True
If you do not already know the processes behind your current IT infrastructure, then making changes such as moving to the cloud can be detrimental.
(CLOUD IMPACT ON BUSINESS)
True
Which of the following questions should be considered before selecting a cloud computing vendor?
(CLOUD IMPACT ON BUSINESS)
What cloud computing product will fit the business needs?
Within cloud environments, the purpose of the Business Relationship Management process is extended to form and uphold the cloud service provider and the customer-business relationship
(CLOUD IMPACT ON BUSINESS)
True
As part of a critical SaaS application, one of the contractual statements by the cloud provider is a requirement to perform scheduled maintenance. This has a direct impact on which of the following?
Service operation
There are no legal risks when moving to the cloud.
(CLOUD RISKS)
False. Moving your data to the cloud creates several legal questions that need to be addressed by your company's legal teams, especially if your company operates internationally.
Which of the following is BEST used when setting up security for services being used within a public cloud?
(CLOUD RISKS)
SSL
Which of the following assets have risks related to a cloud provider going out of business?
(CLOUD RISKS)
- Not using hybrid cloud federations to keep your data synced with multiple providers
- Data stored at the provider
Oftentimes, when using third-party management tools for the cloud, there is risk because of the possibility of vendor lock-in.
(CLOUD RISKS)
True
Your company's data could become compromised by
(CLOUD RISKS)
- phishing
- social engineering
- poor physical security
Which of the following is the MOST important service management consequence of elastic capacity?
(CLOUD RISKS)
The need for good performance monitoring and management
The MOST important business continuity risk when selecting cloud service providers is:
(CLOUD RISKS)
The provider going out of business
Which of the following risks results if cloud computing providers limit their Service Level Agreement (SLA) liabilities?
(CLOUD RISKS)
Legal risk
Capital tied up in hardware that might become obsolete over time is one limitation of owning your own servers instead of using the cloud.
(CLOUD RISKS)
True
Cloud-related financial risks can be managed by making sure that cloud assets are generating revenue.
(CLOUD RISKS)
True
A company is using an Internet-based cloud service provided by a third party. Which of the following can the third party NOT guarantee when providing cloud resources?
(CLOUD RISKS)
The cost of the services
Which of the following is NOT a recognized cloud classification model?
A. IaaS
B. QoS
C. PaaS
D. SaaS
(Official Sample Questions provided by CompTIA)
B. QoS
In keeping with organizational goals of a corporation when deploying an application to a cloud services provider, which of the following is NOT a selection criteria for choosing a pilot?
A. Security of application data
B. Usability in a cloud environment
C. Successful completion
D. Low impact of failure
(Official Sample Questions provided by CompTIA)
C. Successful completion
In using a structured approach to explore the potential impact of cloud computing in an organization undergoing the impact and changes that occur during Cloud service adoption, which of the following is an ITIL Service Lifecycle consideration?
A. Service Upgrade
B. Service Disconnection
C. Service Operation
D. Service Continuance
(Official Sample Questions provided by CompTIA)
C. Service Operation
In using a structured approach to explore the potential impact of cloud computing in an organization undergoing the impact and changes that occur during Cloud service adoption, which of the following is an ITIL Service Lifecycle consideration?
A. Service Occurrence
B. Service Optimization
C. Service Ownership
D. Service Operation
(Official Sample Questions provided by CompTIA)
D. Service Operation
Which of the following is the MOST beneficial aspect of public cloud deployment for a startup company?
A. Ease of infrastructure management
B. Reduced Mean Time to Implement
C. Shared company resources
D. No upfront capital expenditure
(Official Sample Questions provided by CompTIA)
D. No upfront capital expenditure
A webmail service hosted by an MSP for which of the following is considered a private cloud?
A. A single company
B. Nonprofit companies
C. Many companies
D. Marketing companies
(Official Sample Questions provided by CompTIA)
A. A single company
Which of the following recognized approaches for managing an organization's technology environment can be applied to cloud computing services?
A. American National Standards Institute (ANSI)
B. National Institute of Standards and Technology (NIST)
C. Information Technology Infrastructure Library (ITIL)
D. Project Management Institute (PMI)
(Official Sample Questions provided by CompTIA)
C. Information Technology Infrastructure Library (ITIL)
Which of the following is the MOST likely reason for subscribing to PaaS?
A. Virus protection
B. Software application access
C. Application development
D. Infrastructure tuning
(Official Sample Questions provided by CompTIA)
C. Application development
A company's email software vendor charged them $500 a month to use software, licensed for the maximum number of active email addresses. The company switched to a cloud-based email software that charged based on the number of active email addresses each month. The company was billed $100 the first month, $200 the second month, and $100 for the remaining 10 months of the year. After a year, how much money did the company save by switching to cloud computing?
A. $1,300
B. $4,500
C. $4,700
D. $6,000
(Official Sample Questions provided by CompTIA)
C. $4,700
Which of the following is the MOST widely used example of cloud computing?
A. Business ratings
B. Online email
C. Online education
D. Geo-caching
(Official Sample Questions provided by CompTIA)
B. Online email
Cloud Computing
delivering computing resources to a remote customer over network
NIST Cloud Computing
Ubiquitous, convenient
On-demand
Network-access
Shared pool
Configurable computing resources
Rapidly provisioned and released
Minimal management effort or service provider interaction
Amazon launched in:
2006
Workloads in the Cloud
21% non-cloud
38% public cloud
41% private cloud
Data centers will use how many TWh of electricity by 2025?
915 TWh
Client/server model of computing
Device (phone, computer) reaches out to website, that website registers the tweet and sends that information to others when they request it
Essential Characteristics of Cloud
on-demand self-service
broad network access
resource pooling
rapid elasticity
measured service
Multitenancy
more than one client uses the same hardware
Cloud is essentially infinite
Due to resource pooling, economy of scale, and multitenancy
Batch Processing
Overnight computing jobs
Burst Capacity
Hybrid that kicks in when capacity is needed
Cloud First
From this point forward, everything will be built in the cloud
Cloud Native
Born on the cloud, tech startups
IaaS
Building blocks -- compute, storage, and networking
Customer does most, provider does least
PaaS
Customer runs own code in some way
Deploy applications on provider's infrastructure
SaaS
Fully functioning product where customers only provide the data
Disaster recovery in cloud
On premise infrastructure is subject to weather and malfunctioning
Duplicate data across geographic location
Both primary cloud use case and driving force behind cloud
Virtual Servers
Run in cloud data centers
EC2
Elastic Compute Cloud
Virtualized servers
Block Storage
Pay for storage reserved for you at all times
Disk volume managed by OS
EBS - elastic block storage
Object Storage
Store files as individual objects managed by cloud service provider
Much cheaper than block storage
S3 - simple storage service
Cloud Storage Costs
Object storage is much cheaper than block storage
Object storage only incurred when used, while block is prepaid by block
Cloud Network
Highly virtualized and customizable
Virtual Private Cloud - VPC
Virtualize entire network instead of physical wiring
Can control what servers make connections and talk to each other
Used instead of VLAN (virtual local area network)
Cloud Database Options
Build databases on virtual servers
Use a managed database service
Use cloud native database platform
Build Database on Virtual Servers
Requires spinning up server and configuring databases
Resembles on-premises
Requires customer management of servers and databases
Managed Database Service
Request database from cloud provider using platform of choice
Transfer maintenance responsibility to cloud provider
Incurs additional costs
Cloud Native Database Platform
Allows use of relational databases, key value stores, graph database
High degree of cloud optimization
Management burden on provider
Requires retooling existing applications
Cloud Orchestration
Automates cloud management
Hybrid environments add complexity to cloud operations
Mix of public and private cloud -- access resources through the vendor's API (application programming interface)
Storage Concerns
Cost
Accessibility
Durability
Geographic Diversity
Privacy
Storage Units
1 megabyte = 1,000 kilobytes
1 gigabyte = 1,000 megabytes
1 terabyte = 1,000 gigabytes
Elastic block storage is to cloud servers
as physical hard drives are to physical servers
EBS Storage Classes
SSD - solid state drive -
HDD - hard disk drive -
EBS
Pay for what you provision
Provision blocks that are immediately available to your servers
3-nines of durable storage
EBS Volume Snapshots
Allow you to preserve backups of your drive content
Stored in S3, providing durable backups
S3 Storage
Data is stored as objects in folders, known as S3 buckets
S3 buckets must have globally unique names
S3 Storage Classes
Standard - active data
Standard Infrequent Access
Glacier - archived data
S3
Scalable
Pay per use
Pay for data transfer
May be more difficult to access data directly from compute instance
11-nines of durable storage
Can host files on web directly out of S3 bucket without needing a web server
Cost Models of Storage
Tier data to optimize cost/performance
S3 for reliable, durable, primary storage
S3 for backups and redundancy
Glacier for long term storage
Automated Tiering with Lifecycle Policy
S3 bucket --> archive after 30 days --> Glacier --> delete after 7 years
Server Roles
servers generally have a single purpose
The more things put on one server the more complex, harder to manage, and less efficient
Good from security perspective
Example Server Roles
Web server
Mail server
Database server
Application server
File server
How do servers differ physically?
CPU - processing
Memory
Storage
Network
Optimize Web Server
Optimize network
Optimize File Server
Optimize storage
Optimize Machine Learning Model
optimize CPU and memory
Optimize Database server
Depends on what the database server is doing
Database servers often times aren't optimized
Burstable instances
Build up CPU credit for times of peak use
Processor Types
Intel
ARM
AMD
NVIDIA
Entire state of a server is stored on
a disk
Snapshots
Contain a copy of all data stored on a disk image
EBS offers snapshot options, where it stores it in S3
Amazon Machine Image - AMI
simplify the process of building new servers
Provide information required to launch an instance
Made up of EBS snapshots
Alerts
Automate responses to changing conditions
Cybersecurity Triad
Confidentiality, integrity, availability
Backups are the primary way we ensure availability of data
Principle of Least Privilege
User should have the minimum set of privileges necessary to perform its intended function
Default Deny Principle
Anything that is not explicitly allowed should be denied
Security through Obscurity
Should NOT want this
Security of a system is dependent on people not understanding how the security controls work
Everything we do in cybersecurity is
about managing risk
Risks
The combination of an internal vulnerability and an external threat
Likelihood
how likely is it that a risk will materialize?
Impact
how will the materialization of a risk affect our business?
Risk Assessment
identifies and prioritizes risks
need to weigh financial costs and determine how likely a risk is and the impact it would have
Risk Management Strategies
Risk avoidance
Risk transference
Risk mitigation
Risk acceptance
Risk Avoidance
changes the organization's business practices
Ex: if there's risk of flood, move the data center
Risk Transference
Shifts the impact of a risk to another person
Ex: insurance
Risk Mitigation
Reduces the likelihood or impact of the risk
Ex: mitigate risk of flood by installing flood diversion system
Risk Acceptance
Accepts risk without taking any further action
Network security
IP addresses
Firewalls
IP Address
a number that uniquely identifies a system
Source and Destination
address on left is source and address on right is destination
Data flows left to right
When writing firewall rules, need to know which way the connection goes, what is going where
Network ports
a specific address within a system
guide traffic to the correct final destination
Port Ranges
0-1,023 = well known ports
1,024-49,151 = registered ports
49,152-65,535 = dynamic ports
Administrative Services
Port 21 = File Transfer Protocol (FTP)
Port 22 = Secure Shell (SSH)
Port 3389 = Remote Desktop Protocol (RDP)
Port 137, 138, 139 = NetBIOS
Mail Services
Port 25 = Simple Mail Transfer Protocol (SMTP)
Port 110 = Post Office Protocol (POP)
Port 143 = Internet Message Access Protocol (IMAP)
Web Services
Port 80 = Hypertext Transfer Protocol (HTTP)
Port 443 = Secure HTTP (HTTPS)
Firewalls act as
security guards, blocking unwanted network traffic
Security Groups
Allow us to modify firewall rules for our EC2 instances
Port Scanning
Probes systems for open ports
Security Vulnerability
flaws in code lead to security vulnerabilities
Security vulnerabilities get fixed with patches, which we see as security updates
Most organizations have many different components that require frequent security patches
Vulnerability Patching Process
Software vendor learns of vulnerability
Developers analyze the issue and develop a patch
Software vendor releases patch to customers
Customers apply patch to remediate the vulnerability
Window of Exposure
The time between the vulnerability being introduced and the patch deployment completing
Vulnerability Scanning
probes system for known security issues
Identity and Access Management (IAM)
set of controls and processes that ensure systems have consistent method to identify entities authorized to access systems
We want to make sure we know who people are and what they're supposed to be doing on our system
Identification, authentication, authorization
identification = username
authentication = password/MFA
authorization = access
Authentication Factors
Something you know
Something you are
Something you have
Something you know
password
strong passwords are long and complex
passphrases are better than passwords
Multifactor Authentication
combines authentication techniques from two or more authentication categories
Ex: password and Okta
Scalability
To allow a system to grow beyond its maximum capacity
Adding or removing resources to a system to accommodate changes in demand
Vertical Scaling
Adding resources to one machine to accommodate additional work
Horizontal Scaling
Distributing additional work across more than one machine
Ability to add resources at each layer of a system
Requires load balancer to manage distribution of work
Can require application reconfiguration
Can require software changes
Increase system complexity
Vertical Scaling Constraints
CPU
Memory
Network
Storage
Need to pick the right instance for vertical scaling
Vertical Scaling Steps
Identify bottleneck
Identify new server instance type
Shut down server
Select new instance type
Start server
Why Scale Vertically
Monolithic applications
Legacy software
No code changes necessary
Easy to do
Downside of Vertically Scaling
Have to shut down your server
You lose elasticity (have to design for the peak, so you waste resources when you aren't at peak)
Who uses horizontal scaling?
Large scale businesses
Ex: big websites
Downside of horizontal scaling
Lose simplicity
Requires application itself to be aware of what's going on on each other
Application Load Balancer (ALB)
Routes user requests to multiple EC2 instances
Allows for path and host based routing
Network Load Balancer (NLB)
Routes traffic based on low level network protocols
Scales to millions of requests per second
ALB Components
Load balancer - entry point for user requests
Listener - uses rules to map user requests to services in target groups
Target group - contains multiple EC2 instances
Auto Scaling
Programmatic horizontal scaling
Feature of load balancing and can automatically add servers through a launch configuration
Auto Scaling Process
Based on launch configuration
Identify scaling thresholds based on resource utilization
Monitor usage based on defined thresholds
Trigger scaling action when appropriate
Bursting
Vertical scaling without downtime
Limited to CPU only
Limited to T3, T3a, T2, and T4g instance types
Product Fit
Does the product meet business needs?
Is the product intuitive?
Dig into the vendor -- reputable? financially stable?
Business Case
What are the upfront and recurring costs?
How will pricing change over time?
Duration - how long do you expect to use this service?
Negotiating - lowering the price, extending terms
Moore's Law
The number of transistors per square inch on an integrated chip doubles every 18 months, so the price goes down every year
Architecture
Design - will it scale? is the system well designed?
Redundancy - if one piece breaks the one failure won't cause the entire system to collapse
Durability/reliability - reside in multiple data centers? is data backed up? exit strategy?
Security for Vendor Evaluation
Encryption - is data encrypted? who controls the keys?
Incident response - what will the vendor do in a security incident? operate a 24/7 security operations center?
Access management - integrate with existing control system? MFA?
User management - how are new users created? how are users removed from the system?
Legal
what jurisdiction governs the relationship?
Compliance issues - HIPAA, GDPR, COPPA, GLBA, PCI DSS
Support
Technical support - when is support available? who is providing support?
Service Level Agreement (SLA)
contract that defines what services the provider will furnish and what standard the service must be at
Which of the following is NOT a cross-cutting component of layered architecture?
Communication
Services
Operational Management
Security
Services
What is a Service Level Agreement?
The parameters and definitions of what service a company will provide to customers
Which of the following is NOT a Principal Component of IT Architecture Model?
IT Application Landscape
Software Reference Architecture
Domain or Capability Model
Cross-Functional Processes
Cross-Functional Processes
Two major advantages of IT Architecture
Consistency and Standardization
Façade that exposes the business logic implemented in the application to the customers
Service Interface
The layer that implements the core functionality of the system by encapsulating business logic
Business Layer
Data layer consists of: (Select all correct answers)
Data Access Components
Service Agents
Business Workflow
Data Helper and Utilities
Data Access Components, Service Agents, Data Helper and Utilities
Which of the following consists of components, some of which may expose service interfaces that other callers can use?
Presentation Layer
Data Layer
Business Layer
Service Layer
Business Layer
Which of the following processes is the first step towards application design?
Choose communication protocols for interaction between layers and tiers
Define public interface for each layer
Focus on the highest level of abstraction and group functionalities into layers
Determine how the application will be deployed
Focus on the highest level of abstraction and group functionalities into layers
What is the biggest advantage of a layered application architecture?
Modularity: If you want to update something, you only need to change the respective layer.
Using Microsoft Word as a reference application, give two examples of microservices.
Spell-check, grammar check
Isolating guest Operating Systems from each other and limiting their capabilities (restricting access/privileges)
Sandboxing
Considering IU's enterprise network, name one system for each of the following zones in a zone-based network architecture:
Perimeter zone
Internal zone
Perimeter Zone: Email
Internal Zone: Kuali
True or False: In application design, when moving from logical layers to physical tiers, it is possible to have ONE layer on MULTIPLE tiers.
True
True or False: In application design, when moving from logical layers to physical tiers, it is possible to have ALL layers on a SINGLE tier.
True
True or False: The number of user accounts requiring direct access to the hypervisor should be MAXIMIZED for increased security and redundancy.
False
A service is ________ if it provides functionality that logically belongs together. Services are ___________ if you can change one service without changing the other.
Cohesive, loosely coupled
What type of architecture is best suited if an application involves computationally intensive operations that require work to be broken down into tasks that can run simultaneously?
Big Compute
If your architecture involves a combination of on-premise systems and cloud components, what technology would you deploy to manage communication between them?
Message Broker
Solutions based on big data architecture typically involve one or more of the following types of workload: (Select all correct answers)
Real-time processing of data
Batch processing of data
Simulations or massive number crunching
Store and process data in finite volumes
Real-time processing of data, Batch processing of data
If you deploy failover clusters in your architecture, your application is built for:
Reliability
If you divide your users into application-defined logical roles and grant access to them based on their role, your application is built for ________________
Security
True or False: User specific application configuration settings can be applied to a SaaS solution although it is limited.
True
True or False: In cloud infrastructure, there is no way a customer can specify the location (country or region) of the provided resources as part of the service.
False
True or False: With software-as-a-service, it is the vendor who builds, deploys, and runs the solution.
True
If you need more capacity, cloud enables you to add more machines or storage and when you stop consuming it, that excess capacity is released back into the resource pool. This can be depicted by which characteristic of cloud computing?
Rapid Elasticity
Which of the following is NOT a benefit of cloud computing?
Easy to change resources and cost effective as compared to hardware solutions
Helps manage software upgrades and installations
Requires you to provision capacity by guessing theoretical maximum peaks
No need to have an IT support organization to manage applications
Requires you to provision capacity by guessing theoretical maximum peaks
Which service model does not require consumers to manage or control the underlying cloud infrastructure, but maintain control over the deployed applications and configuration settings for the application hosting environment?
PaaS
Which characteristic of cloud computing enables the multi-tenant model of computing resources, storage and memory?
Resource Pooling
Servers, storage, and network components are a part of _________ layer in the cloud infrastructure.
Physical
Which of the following is true for Software-as-a-Service?
The consumer manages and controls the underlying cloud infrastructure
Manages delivery of disk space, virtual CPUs, and database services
Includes delivery of fully featured applications that are targeted at private and business users
IT organization builds, deploys, and runs the solution
Includes delivery of fully featured applications that are targeted at private and business users
At the cloud provider premises, which of the following is/are a part of the cloud ecosystem? (select 3)
Clients that are currently accessing the cloud over a network
Clients joining the cloud (initiating access)
Service level agreements with clients
New hardware
Clients that are currently accessing the cloud over a network, Clients joining the cloud (initiating access), New hardware
Which of the following is/are true for Infrastructure-as-a-Service? (select 2)
The consumer manages and controls the underlying cloud infrastructure
Consumers can install operating systems compatible with the underlying virtualized hardware
Includes delivery of fully featured applications that are targeted at private and business users
Has a chargeback (measured service) capability to charge consumers for their resource usage
Consumers can install operating systems compatible with the underlying virtualized hardware, Has a chargeback (measured service) capability to charge consumers for their resource usage
Explain cloud bursting in your own words. Illustrate with an example.
Cloud bursting is the process of having a temporary need for more capabilities or resources, borrowing & consuming those resources from another cloud, and releasing them back when done
An example of this is a web application receiving high amounts of traffic at a given time, so it decides to provision its server on another cloud in order to handle the current capacity of users.
True or False: Multi-tenancy can only be applied to SaaS applications.
False
True or False: Private Cloud can be deployed on as well as off premises.
True
True or False: A Private Cloud can be located at a service provider's data center.
True
The cloud infrastructure which is provisioned for exclusive use by a single organization comprising multiple consumers (i.e. business units)
Private Cloud
When a single instance of a software application and its underlying infrastructure serves multiple user accounts
Multi-tenancy
An enterprise would like to leverage a cloud solution for managing highly classified data. Which of the following cloud deployment models would be most suitable?
Public Cloud
Private Cloud
Community Cloud
Hybrid Cloud
Private Cloud
The public school systems in the greater Chicago region have collectively decided to set up an email system in the cloud for use by their faculty, staff and students. This could be an example of the _______ cloud deployment model.
Community
When you integrate cloud with a traditional on-premise system, which deployment model are you building?
Hybrid
According to what we discussed in class, which of the following is the greatest benefit of public cloud deployment?
Broader Geographic Distribution
Cost Savings
Increased Business Agility
Increased Availability
Increased Business Agility
Which of the following statements are true about Private Cloud? [Select 2]
The underlying infrastructure cannot be shared with others
It can only exist on premises
Provides an organization greater control over security and assurance over data location
It is the cheapest deployment model
The underlying infrastructure cannot be shared with others, Provides an organization greater control over security and assurance over data location
Which of the following are components of Hybrid Cloud IT Operating Model? [Select 3]
Traditional IT Management Group
IT Service Broker Group
User Management Control
IT Quality Assurance Group
Cloud Management Group
Traditional IT Management Group, IT Service Broker Group, Cloud Management Group
True or False: When you move from traditional data center into cloud computing, you are shifting from a capital expense (CapEx) to an operational expense (OpEx)
True
Which capability offered by IaaS enables cloud subscribers to bring in their own set of cloud management tools from another vendor?
Control plane and self-service interfaces
In IaaS, which of the following components is NOT managed by cloud providers?
Applications
Servers
Storage
Networking
Applications
A Cluster Manager queries the ______________ to determine resource availability, and returns messages to the ______________ on whether part, or all, of a request can be satisfied in a cluster.
Computer Managers, Cloud Manager
In IaaS, which of the following components is NOT managed by subscribers?
Applications
Middleware
Virtualization
Operating System
Virtualization
Which component of IaaS cloud architecture uses command interface of its hypervisor to start, stop or reconfigure virtual machines?
Computer Manager
Which of the following is NOT a benefit of using IaaS?
Improves disaster recovery and business continuity
Requires precise capacity planning
Lowers up-front cost
Faster time to market
Requires precise capacity planning
Which component of IaaS cloud architecture is responsible for user accounts and high-level resource allocation within the overall cloud?
Cloud Manager
Which of the following types of cloud IaaS is operated by the cloud provider and located at the subscriber's end?
External Private Cloud
Virtual Private Cloud
Outsourced Private Cloud
Internal Private Cloud
Outsourced Private Cloud
Which of the following are common use cases of IaaS? [Select 3]
Environment for application development and testing
Learning Management System
Business Continuity and Disaster Recovery
High-Performance Computing
Applications for enabling collaboration
Environment for application development and testing, Business Continuity and Disaster Recovery, High-Performance Computing
Look at the quiz screen and identify:
1) UI component and
2) the presentation logic underlying that UI component
UI Component - could be buttons, textbox, etc.
Logic - What happens when you click buttons/controls
True or False: In PaaS, it is the subscriber who maintains a set of development tools and execution environments.
False
True or False: In SaaS, consumers have limited admin control and full user level control over applications.
True
In PaaS, which of the following components is NOT managed by cloud providers?
Data
Servers
Virtualization
Operating System
Data
In SaaS, which component(s) is(are) managed by cloud providers?
Applications
Storage
Middleware
All of the above
All of the above
The ________________ layer of the PaaS model allows control over the deployed applications and configuration settings of the platform.
Management
Which of the following types of PaaS allows developers to have a streamlined deployment of applications while retaining control over the underlying infrastructure?
IaaS-centric PaaS
SaaS-centric PaaS
Generic PaaS
None of the above
IaaS-centric PaaS
In a PaaS model, which service stack is hosted and operated by the PaaS vendor and typically co-located to the PaaS environment inside the same infrastructure?
Native services
Which of the following statements is FALSE for PaaS?
Provides on-demand and self-service application development
Provides standard application framework
Portability between PaaS clouds is quick and easy
Abstracts infrastructure and other configuration details from application developers
Portability between PaaS clouds is quick and easy
Which of the following statements are TRUE for SaaS? [Select 2]
Software is managed centrally by the cloud vendor
Useful for batch computing and workloads that require large amounts of capacity on demand
Allows easy upgrades and seamless scalability
Provides on-demand and self-service application development
Software is managed centrally by the cloud vendor, Allows easy upgrades and seamless scalability
Which of the following modules are a part of the Integration Broker Pipeline? [Select 3]
Orchestrate
Governance
Infrastructure
Transform
Security
Orchestrate, Transform, Security
SaaS would be a good fit:_______________ AND _________________ [Select 2]
For undifferentiated solutions that may not confer a competitive advantage
When an application's Time to Market is a key pressure for development teams
Applications where extremely fast processing of real time data is required
Applications that have a significant need for mobile and web access
Applications where legislation or other regulation does not permit data being hosted externally
For undifferentiated solutions that may not confer a competitive advantage, Applications that have a significant need for mobile and web access
Which of the following is NOT true about the cluster manager?
Cluster Manager is responsible for the operation of a collection of computers that are connected via high speed local area networks
A Cluster Manager receives resource allocation commands and queries from the Cloud Manager
Cluster Manager queries the Computer Managers for the computers in the cluster to determine resource availability, and returns messages to the Cloud Manager on whether part, or all, of a request can be satisfied in a cluster
Cluster Manager uses the command interface of its hypervisor to start, stop, suspend, and reconfigure virtual machines, and to set the local virtual network configuration
Cluster Manager uses the command interface of its hypervisor to start, stop, suspend, and reconfigure virtual machines, and to set the local virtual network configuration
Failover clustering is typically used with:
Application servers
Clients
Web servers
Database servers
Database servers
What is measured service? List some examples of metrics
Cloud systems automatically control and optimize resource use by leveraging a metering capability (examples: storage, bandwidth, processing, active user accounts)
In the SaaS model, the public access point to the cloud is the:
Cloud Manager
What is an integration broker? What are the 4 components of its architecture?
An integration broker is used to manage data movement and system integration (integrates in-house applications and SaaS applications).
4 components: Security, Transform, Orchestrate, Route
Which of the following is not one of the characteristics of cloud computing?
Resource pooling
On demand self service
Rapid virtualization
Broad access
Rapid virtualization
When designing an application, the first task is to:
Determine how the application will be deployed
Choose the communication protocols to use for interaction between the layers and tiers of the application
Focus on the highest level of abstraction and start by grouping functionality into layers
Define the public interface for each layer
Focus on the highest level of abstraction and start by grouping functionality into layers
What is sandboxing?
Isolating each guest OS from the others and restricting what resources they can access and what privileges they have
Which of the following is NOT a typical component of an IaaS offering?
Storage
Self service interfaces
Compute Instances
Identity and Access Management
All of the above are components of IaaS
All of the above are components of IaaS
A network with higher 9's rating is used when which of the following is very important?
Integrity
Availability
Security
Confidentiality
Availability
When is public cloud deployment favorable?
Auctioning data center
Cost savings
Scalability
Business Agility
Business Agility
True or False: Platform as a Service model enables an abstraction of middleware, infrastructure and configuration details, thus helping reduce complexity.
True
Which of the following are part of the service provider's responsibilities in a PaaS service? (Select 3)
Applying security patches to the application as required
Updating applications as required
Maintaining an inventory of applications
Providing execution environments for consumer's applications
Providing a set of development tools
Maintaining an inventory of applications
Providing execution environments for consumer's applications
Providing a set of development tools
A subscriber in an Infrastructure as a Service model can be ______
An individual
A business unit
A team
All of the above
All of the above
Which of the following is a cross-cutting capability in the layered architecture we discussed in class?
Security
Service agents
Data helpers/utilities
Services layer
Security
Which of the following are necessary in designing an enterprise IT architecture? (Select 3)
Human resources
IT applications
Business Model
IT infrastructure and products
IT applications
Business Model
IT infrastructure and products
Which of the following are consumers of PaaS? (Select all that apply)
Application Users
Application Testers
Application Developers
Application Administrators
Cloud Service Providers
Application Deployers
Application Users
Application Testers
Application Developers
Application Administrators
Application Deployers
True or False: In Platform as a Service, the customer does not manage or control the underlying infrastructure but has control over storage and possibly limited control of networking components.
False
What is the function of the data layer?
The data layer provides access to data hosted within the boundaries of the system, and data exposed by other networked systems. It exposes generic interfaces that the components in the business layer can consume.
Gmail is an example of which cloud service offering?
SaaS
True or False: Public zone assets can be managed by an organization.
False
True or False: By virtualization you can add more storage space than underlying hardware.
False
In IaaS, the _________ uses the command interface of its hypervisor to start, stop, suspend, and reconfigure the virtual machines.
Computer Manager
List 3 critical threats to cloud computing security.
Abuse and Nefarious Use of Cloud Computing
Insecure Application Programming Interfaces
Malicious Insiders
Shared Technology Vulnerabilities
Data Loss/Leakage
Account, Service & Traffic Hijacking
Unknown Risk Profile
A cloud deployment that is off premises but for the exclusive use of a particular organization
Private
What is a zone in the context of logical network design?
A logical entity containing one or more tiers, it segregates various parts of the network
__________ cloud enables data and application portability
Hybrid
Which of the following is NOT a type of PaaS?
SaaS-centric PaaS
Generic PaaS
IaaS-centric PaaS
Virtualized PaaS
All of the above are types of PaaS
Virtualized PaaS
True or False: Virtualization is a necessary step for cloud computing.
False
Which of the following can be considered a potential issue pertaining to IaaS? (Select all that apply)
Upfront costs
Flexibility
Virtual Machine sprawl
Network dependence
Browser based risks
Virtual Machine sprawl
Network dependence
Browser based risks
In the _________ cloud service model, the consumer makes use of the interfaces provided by the service provider and develops, implements, and deploys applications.
PaaS
Which of the following is NOT true with respect to the characteristics of SaaS?
Web access to commercial software
Software delivered in a "one to many" model - multitenancy
Users are required to handle software upgrades and patches
Software is managed from a central location
Users are required to handle software upgrades and patches
In the PaaS service model, the __________ layer is responsible for pushing, starting, and stopping of applications.
Management
Which of the following is NOT a benefit of SaaS?
Low initial cost
Easy upgrades
Increased administration
Scalability
Increased administration
True or False: A load balanced cluster is a design for scalable infrastructure tier that accounts for changes in load while maintaining an acceptable level of performance.
True
List the PaaS application lifecycle.
Build applications
Land first release
Maintain application
Land releases
End of life
Give 1 security recommendation for virtualization.
Hypervisor platforms with hardware-assisted virtualization provide greater security assurance.
The number of user accounts requiring direct access to the hypervisor host should be limited to the bare minimum.
Place the management interface of the hypervisor in a dedicated virtual network segment.
Communication from a given VM to the enterprise (physical) network should be enabled through multiple communication paths (or physical NICs) within the virtualized host.
List 2 advantages of layered architecture.
Consistency & standardization
A cloud deployment that is off premises but for exclusive use of one or more particular organizations
Community
Using an example, explain how Microservices Architecture facilitates continuous delivery practice across development teams.
Continuous Delivery practices encourage incremental additions as part of production. These additional features and capabilities are made possible by the separation and independence of services in a microservice architecture. An example of this is seen in the ability to fix bugs in a microservice architecture. A feature that handles a bug can be independently deployed, and the service can be updated without interrupting the process of continuous delivery (i.e. other service developments are unaffected).
True or False: All microservices in a Microservices Architecture share one common database for easy data access.
False
True or False: Mist computing is NOT a required sub-component of Fog Computing.
True
Which of the following statements about Microservices Architecture is FALSE?
Services do not need to share the same technology stack, libraries, or frameworks
Services can be updated without redeploying the entire application
Each service is self-contained and should implement a single business capability
Services should have tight coupling and low functional cohesion
Services should have tight coupling and low functional cohesion
____________ is a trusted third-party that can conduct independent assessment of cloud services, performance, and security of the cloud implementation.
Cloud Auditor
Local computing capability on or next to a sensor that is network-accessible is an example of __________
Edge Computing
_____________ focuses on the fidelity of data and applications received from another system and whether they are useable or not.
Portability
____________ is an isolated workload environment that can be used for deploying and running microservices.
Container
___________ is the network of dedicated physical objects that contain embedded technology to sense or interact with their internal state or external environment.
Internet of Things
Which of the following statements about Fog Computing are TRUE? [Select 2]
It runs specific applications in a fixed logic location and provides a direct transmission service
It supports processing of data of different forms acquired through various network communication capabilities
Fog computing applications involve real-time interactions rather than batch processing
Fog computing is limited to a small number of peripheral devices
It supports processing of data of different forms acquired through various network communication capabilities
Fog computing applications involve real-time interactions rather than batch processing
Which of the following can be classified as a TECHNICAL risk of cloud computing? [Select 3]
API and management interface compromise
Forced lock-in with the cloud provider
Denial of Service due to misconfiguration or system vulnerabilities
Storage of data in multiple jurisdictions along with lack of transparency
Incomplete deletion of data
API and management interface compromise
Denial of Service due to misconfiguration or system vulnerabilities
Incomplete deletion of data
Which of the following components are required for a successful MSA implementation? [Select 3]
Effective data and service management tools
Decentralized approach to service development
Hierarchical organizational structure with interdependent development teams
Unique technology stack for each microservice
Competency in agile and DevOps practices
Effective data and service management tools
Decentralized approach to service development
Competency in agile and DevOps practices
A standard way of translating between software from different vendors is achieved by using:
Middleware
Which of the following statements regarding CompTIA Cloud Essentials is incorrect?
A. The certification is a Specialty certification
B. There is an exam that maps to this course
C. This course prepares you for the exam
D. The course is specific to Cisco systems
D
Which of the following is NOT a major focus in this course?
A. Business impacts
B. Risk mitigation
C. General networking concepts
D. Technology options
C
Which of the following cloud features increases the available IT infrastructure resources to meet the demands?
A. Reliability
B. Resource metering
C. Scalability
D. Broad network access
C
What aspect of cloud computing allows you to save on costs in a direct fashion?
A. Read-only replicas
B. On-demand
C. Resource metering
D. Quickly expanding storage
B
Which of the following is an example of a resource pooling technology?
A. Hotmail
B. Cisco UCS
C. Gmail
D. Open standards
B
Which of the following is a valid advantage of server virtualization?
A. Fully automated elasticity
B. Unlimited virtual machine usage
C. No need for a software layer
D. Independent hardware
D
The client OS is virtualized with VDI. True or false?
A. True
B. False
A
Which is not a typical step with virtual machine (server) creation in a public cloud?
A. Selection of the OS
B. Sizing of the hardware resources
C. Securing access to the VM
D. Downloading of OS software
D
What does Microsoft use as a virtualization product?
A. vSphere
B. Fusion
C. Hyper-V
D. ZenWorks
C
Which of the following provisioning types is most suitable for a virtual hard disk with 200 GB of space, and ensures that disk storage can be flexibly allocated between virtual machines?
A. Thick provisioning
B. Random provisioning
C. Thin provisioning
D. Test provisioning
C
When using Hyper-V's TURN OFF feature, data loss could occur within the virtual machine. True or False?
A. True
B. False
A
What took place in the 1960s that was an early example of the cloud technology we see today?
A. Web-based E-mail
B. Expensive computer hardware was shared
C. Application Service Providers
D. Service-oriented Architecture
B
Which of the following is an early example of cloud technology?
A. Top of rack policy enforcement
B. Infrastructure As A Service
C. Data center interconnects
D. Web-based email in the form of Hotmail
D
Which of the following featured applications were built using component services that could be distributed across connected systems?
A. SOA
B. Virtualized APIs
C. Distributed middleware
D. ASP
A
Which of the following provide incentive for a company to adopt cloud solutions? (Choose three)
A. Excess resources
B. Large sunk expense costs
C. Predictable and fixed workloads
D. Variable user base
ABD
Which of the following is not a negative indicator for a company moving to the cloud?
A. Possessing a large data center
B. Failing to meet increased demand
C. Compliance issues
D. The need for assured operational characteristics
B
Which of the following are examples of SaaS? (Choose two)
A. Twitter
B. Gmail
C. AWS S3
D. Azure
AB
Which of the following is an example of PaaS?
A. SalesForce
B. Azure
C. Gmail
D. DropBox
B
Using AWS EC2 instances is an example of which of the following?
A. BPaaS
B. IaaS
C. PaaS
D. SaaS
B
Which of the following is a commonality between cloud and outsourcing?
A. Tailor made solutions
B. Contract length
C. Both are very specific to IT
D. Vendor lock-in
D
Cloud services tend to feature much longer contract durations compared to traditional outsourcing. True or false?
A. True
B. False
B
For software libraries, which of the following platforms play a vital role in cloud services?
A. SaaS
B. BPaaS
C. IaaS
D. PaaS
D
Data that's been unaltered during transmission is an example of which of the following?
A. Integrity
B. Authentication
C. Accounting
D. Logging
A
Load Balancing can provide which of the following?
A. Availability
B. Troubleshooting
C. Compliance
D. Auditing
A
AWS is a classic example of which of the following?
A. Private
B. Public
C. Community
D. Hybrid
B
When a company uses its own internal cloud IaaS, which of the following deployment types is this an example of?
A. Private
B. Community
C. Hybrid
D. Public
A
When a company participates with others to provide cloud services, which of the following is this an example of?
A. Community
B. Hybrid
C. Public
D. Private
A
What is the measure of delay when using cloud services?
A. Latency
B. SLA
C. Packet loss
D. Attenuation
A
Which of the following terms can be defined as the use of a third party to assist in authentication?
A. Logging
B. WAP
C. Federation
D. Encryption
C
_____ is an example of standardization with cloud adoption?
A. API
B. As a Service
C. Patches and updates
D. Private cloud
A
When it comes to performance, which of the following is critical when trying to ensure a successful cloud adoption?
A. Replication
B. SLA
C. Time
D. Rate per MB
B
Which of the following is not a major concern or risk when moving to the cloud?
A. On-demand
B. Integration
C. Security
D. Replication
A
Which of the following is a traditional approach to application development?
A. Agile
B. Iterative
C. Test and Run
D. Waterfall
D
Which of the following are often associated with cloud technologies? (Choose two)
A. Web-based
B. SOA
C. Monolithic
D. Client-only
AB
There is often a single level of cloud service you should recommend. True or false?
A. True
B. False
B
Which two of the following are often considered critical deployment steps for cloud? (Choose two)
A. Risk assessment
B. Pilot
C. Scrum techniques
D. Forklift upgrade
AB
What protocol is recommended when connecting to virtual machines in your cloud provider?
A. SSH
B. HTTP
C. Telnet
D. FTP
A
The maintenance of software libraries is the most critical for a cloud vendor offering what type of cloud service?
A. IaaS
B. SaaS
C. PaaS
D. NaaS
C
What is critical to have in place in the event your cloud provider ceases operations?
A. Exit strategy
B. SLA documents
C. Security audit
D. Compliance review
A
Which of the following is not a cloud deployment option?
A. Public
B. Open Standard
C. Private
D. Community
B
Cloud technologies often use a shared infrastructure. True or false?
A. True
B. False
A
Which of the following is not a recommended technique when migrating applications to the cloud?
A. Consider a pilot
B. Target non-mission critical apps first
C. PaaS first
D. Target easy apps to migrate first
C
What type of app might be an excellent first choice for migration?
A. Monolithic
B. Simple desktop productivity app
C. Transaction-based
D. Mission-critical
B
An IT organization tends to be more concerned about service reliability than resource availability when they move to the cloud. True or false?
A. True
B. False
A
Which of the following is not a service phase in ITIL?
A. Operation
B. Disposal
C. Transition
D. Strategy
E. Design
B
IAM is part of what area of ITIL?
A. Information Security Management
B. Service Transition
C. Change Management
D. Incident Response
A
Incident management is part of what ITIL service phase?
A. Service Strategy
B. Service Operation
C. Service Design
D. Service Transition
B
What are two aspects of the service transition phase? (Choose two)
A. Change Management
B. Knowledge Management
C. Information Security Management
D. Service Level Management
E. Financial Management
AB
Compliance in the context of the cloud means meeting regulatory or legal requirements. True or false?
A. True
B. False
A
If you are using AWS as your public cloud, it is your responsibility to ensure all aspects of compliance. True or false?
A. True
B. False
B
Which type of cost tends to be variable?
A. CAPEX
B. Initial investment costs
C. OPEX
D. Sunk costs
C
Cloud costs tend to be most comparable to what type of cost?
A. A lease for a new building
B. An electric utility bill
C. A bill for initial server acquisitions
D. None of these options are correct
B
When comparing cloud and outsourcing services, the cloud providers have more customers than outsourcing. True or false?
A. True
B. False
A
Which of the following is not a valid method of demonstrating strategic flexibility?
A. Moving to a new application
B. Avoiding vendor lock-in by ensuring migration to another cloud
C. Bringing the IT infrastructure components in house
D. Performing an annual independent audit of the cloud provider hardware
D
With cloud computing services, hardware purchases, software purchases, and IT support are the responsibility of whom?
A. Internet service provider
B. RraaS provider
C. SaaS provider
D. Application service provider
C
Which term best describes the ability to rapidly increase user accounts for a given cloud service?
A. Volatility
B. Synchronicity
C. Viability
D. Elasticity
D
Which option describes a benefit of virtualized servers?
A. Shared hardware
B. Individual hardware per virtual server
C. Physical servers taking less room space than virtual servers
D. Virtual servers taking less disk space than physical servers
A
Your company runs a virtualized web application server in-house. You decide to make the web applications available over the Internet through a cloud provider. Which method represents the quickest way to accomplish this?
A. Create a new cloud server, install web services, and install and configure web applications.
B. Create a new cloud server, install web services, and import web application data.
C. Migrate your in-house web application server to the cloud.
D. This cannot be done — only generic applications are available through the cloud.
C
Which term from the past describes the sharing of mainframe computing resources?
A. Time-sharing
B. Time division multiplexing
C. Mainframe-sharing
D. XaaS
A
Purchasing software and providing it to a third party that installs and manages that software is an example of which of the following?
A. Virtualization
B. Application service provider
C. Platform as a service
D. Private cloud
B
You are the IT director for a retail clothing outlet. Your competitors are using Internet-delivered inventory, storage, and backup solutions from a specific provider. You conclude it is best that your company use the same services from the same provider. What type of cloud will you be subscribing to?
A. Community cloud
B. Retail cloud
C. Private cloud
D. Public cloud
A
For which businesses would cloud computing be best suited? (Choose two.)
A. Waterfront marketplace that thrives during the summer tourist season
B. Rural medical practice with four employees
C. Law enforcement agency
D. A new company start-up that manufactures watercraft
AD
Which of the following are valid reasons for a firm's not adopting a cloud solution? (Choose two.)
A. Local hardware is being fully utilized for unchanging IT workloads.
B. The number of employees rarely changes.
C. The number of employees changes often.
D. The firm experiences unpredictable project spikes throughout the year.
AB
As a developer for a software company, you have decided to build and test your web applications in a cloud environment. Which type of cloud service best meets your needs?
A. PaaS
B. SaaS
C. IaaS
D. XaaS
A
How are cloud computing and outsourcing similar?
A. Immediate scalability
B. Vendor lock-in
C. Long contract renegotiation
D. Tailor-made client solutions
B
Which of the following is a benefit of outsourcing?
A. Immediate scalability
B. Vendor lock-in
C. Long contract renegotiation
D. Tailor-made client solutions
D
True or false? Cloud computing is a form of outsourcing.
A. True
B. False
A
What cloud computing characteristic ensures services and data are always reachable?
A. Confidentiality
B. Integrity
C. Availability
D. Scalability
C
You must ensure that your business computing resources can quickly grow as business demands change. Which of the following allows this?
A. Confidentiality
B. Integrity
C. Availability
D. Scalability
D
[Blank] protects data contents, while [blank] ensures that data has not been tampered with.
A. Availability, scalability
B. Integrity, confidentiality
C. Scalability, availability
D. Confidentiality, integrity
D
Which of the following are related to cloud computing costs? (Choose two.)
A. Monthly subscription
B. Server hardware costs
C. Usage fees
D. Software licensing costs
AC
How does cloud computing help an organization as new opportunities arise? (Choose two.)
A. Shifting operating expenses to capital expenses
B. Speedy addition of computing resources
C. Less cost for new server hardware
D. Speedy removal of computing resources
BD
[Blank] and [blank] give cloud customers a competitive advantage.
A. Integrity, confidentiality
B. Availability, integrity
C. Time to market, collaboration
D. Collaboration, confidentiality
C
Which of the following statements are true? (Choose two.)
A. Public clouds are for the exclusive use of a single organization.
B. Private clouds are for the exclusive use of a single organization.
C. Public clouds are offered over an intranet.
D. Public clouds are offered over the Internet.
BD
True or false? Virtual servers are used only in public clouds.
A. True
B. False
B
When creating cloud virtual servers, which of the following must be specified? (Choose two.)
A. Username and password
B. Server name
C. IP address
D. Operating system licensing
AB
You are linking your company's Microsoft Active Directory user accounts to your cloud provider for federated identity management. What type of configuration must you create within your company?
A. Identity trust
B. XML provider
C. Relying party trust
D. JSON provider
C
Your public cloud environment is configured such that additional cloud storage is allocated to a virtual server when the used disk space on that server reaches more than 80 percent of disk capacity. Which term best describes this configuration?
A. Elasticity
B. Automation
C. Self-service
D. Disk latency
B
Which of the following might factor into an exit strategy for a cloud customer?
A. Vendor lock-in
B. Self-service
C. Standardization
D. Automation
C
Which of the following is not considered a cloud computing risk?
A. Loss of network connectivity
B. Data stored in the cloud
C. Network latency
D. Host-based firewalls
D
What is a benefit of PaaS?
A. Rapid application development
B. Replication
C. High bandwidth
D. Low latency
A
Developers build these components in the cloud.
A. Federation identity providers
B. Cloud load balancers
C. SaaS user mailboxes
D. Web services
D
Which of the following is NOT a recognized cloud classification model?
A. IaaS
B. QoS
C. PaaS
D. SaaS
B
In keeping with organizational goals of a corporation when deploying an application to a cloud services provider, which of the following is NOT a selection criterion for choosing a pilot?
A. Security of application data
B. Usability in a cloud environment
C. Successful completion
D. Low impact of failure
C
In using a structured approach to explore the potential impact of cloud computing in an organization undergoing the impact and changes that occur during Cloud service adoption, which of the following is an ITIL Service Lifecycle consideration?
A. Service Upgrade
B. Service Disconnection
C. Service Operation
D. Service Continuance
C
In using a structured approach to explore the potential impact of cloud computing in an organization undergoing the impact and changes that occur during Cloud service adoption, which of the following is an ITIL Service Lifecycle consideration?
A. Service Occurrence
B. Service Optimization
C. Service Ownership
D. Service Operation
D
Which of the following is the MOST beneficial aspect of public cloud deployment for a startup company?
A. Ease of infrastructure management
B. Reduced Mean Time to Implement
C. Shared company resources
D. No upfront capital expenditure
D
A webmail service hosted by an MSP for which of the following is considered a private cloud?
A. A single company
B. Nonprofit companies
C. Many companies
D. Marketing companies
A
Which of the following recognized approaches for managing an organization's technology environment can be applied to cloud computing services?
A. American National Standards Institute (ANSI)
B. National Institute of Standards and Technology (NIST)
C. Information Technology Infrastructure Library (ITIL)
D. Project Management Institute (PMI)
C
Which of the following is the MOST likely reason for subscribing to PaaS?
A. Virus protection
B. Software application access
C. Application development
D. Infrastructure tuning
C
A company's email software vendor charged them $500 a month to use software, licensed for the maximum number of active email addresses. The company switched to a cloud-based email software that charged based on the number of active email addresses each month. The company was billed $100 the first month, $200 the second month, and $100 for the remaining 10 months of the year. After a year, how much money did the company save by switching to cloud computing?
A. $1,300
B. $4,500
C. $4,700
D. $6,000
C
Which of the following is the MOST widely used example of cloud computing?
A. Business ratings
B. Online email
C. Online education
D. Geo-caching
B
Which of the following storage provisioning methods is implemented at the hardware level of a SAN and can be completed in either a soft or hard basis?
A. LUN masking
B. Network share creation
C. Zoning
D. Multipathing
C
For which of the following protocols will an administrator configure a trap to collect system state data?
A. SNMP
B. FTPS
C. IPMI
D. SMTP
A
Which of the following commands provides measurements of round-trip network latency?
A. ping
B. route
C. arp
D. nslookup
A
Compared to Type II hypervisors, Type I hypervisors generally have lower:
A. numbers of VMs per host
B. requirements for host overhead
C. numbers of hosts installed in datacenters
D. costs
B
Which of the following methods can an administrator use to force an array to allow data to be distributed one node at a time in a private cloud implementation?
A. Least connections
B. Least used
C. Best bandwidth
D. Round robin
D
Which of the following should an administrator use when marking VLAN traffic?
A. Virtual Local Area Network tagging
B. Network Address Translation
C. Subnetting
D. Port Address Translation
A
Which of the following will allow an administrator to quickly revert a VM back to a previous state?
A. Metadata
B. Snapshots
C. Extended metadata
D. Cloning
B
Which of the following is the meaning of IaaS?
A. IT as a Service
B. Information as a Service
C. Infrastructure as a Service
D. Identity as a Service
C
Which of the following is the meaning of PaaS?
A. Ping as a Service
B. Process as a Service
C. Programming as a Service
D. Platform as a Service
D
Which of the following is the meaning of SaaS?
A. Solutions as a Service
B. Software as a Service
C. Servers as a Service
D. Security as a Service
B
A community name is used by:
A. WMI
B. SMTP
C. SNMP
D. SMS
C
Which of the following high availability solutions would a cloud service provider use when deploying Software as a Service?
A. Virtual switches
B. Multipathing
C. Load balancing
D. Clustering servers
D
Which of the following hypervisor types requires the least overhead?
A. Type II
B. open source
C. Type I
D. hosted
C
In a RAID 6 environment a technician is trying to calculate how many read operations would be made. How many read operations would be required in RAID 6?
A. One
B. Four
C. Two
D. Three
D
Which of the following allows authentication based on something you are? (Select TWO)
A. Passwords
B. Access badge
C. Retina scan
D. Key fobs
E. Voice recognition
F. PIN
CE
What deployment model is the most popular today and allows companies to host their own cloud services while relying on cloud vendors for other services?
A. Public
B. Hybrid
C. Community
D. Private
B
What is not a common cloud component categorization?
A. Application
B. Legacy
C. Compute
D. Network
E. Storage
F. Security
B
Which is not a typical area of interaction between cloud and non-cloud resources?
A. Firewalling
B. Authentication
C. Physical security
D. Internet connectivity to the cloud
C
Which of the following is not a typical concern for your deployment plan regarding a key internal application?
A. Dynamic IP address needs
B. Direct access to HW requirement
C. Large file transfers
D. Legacy API usage
A
Which cloud technique should be considered if you wanted to ease the administration required for a common, simple task?
A. Elasticity
B. Automation
C. Load balancing
D. Orchestration
B
Which of the following is not a typical choice you must make regarding a target host in the cloud?
A. RAM
B. Disk Type
C. CPUs
D. 64-bit vs 32-bit
D
Which of the following is not a typical part of a cloud deployment execution plan?
A. Workflow execution
B. Documentation
C. Change management
D. Access audits
D
Which of the following is false?
A. Vulnerability testing seeks to find security flaws in the IT infrastructure
B. Load testing can be critical to test promised service levels
C. Common deployment types include Production, Development, and QA
D. With public clouds, you can typically perform penetration testing whenever it's convenient for you
D
Which of the following head-to-head comparisons might you engage in with your deployment test data? (Choose two)
A. Existing logs
B. Compliance reports
C. User feedback
D. SLAs
E. Baselines
DE
Match the virtual network technology with the best definition.
1. VXLAN
2. DMZ
3. Microsegmentation
4. Subnet
A. Each host in its own domain
B. 16 Million IDs
C. Sizing for future expansion is important
D. Services secured for outside network access
BDAC
In Microsoft Azure, which component of networking allows for easier management of cloud components?
A. Virtual Partitions
B. Virtual Collections
C. Resource Groups
D. Virtual Private Clouds
C
Which CPU technology might be required by your VMware image in order for it to function properly?
A. Ballooning
B. VT-x
C. Caching
D. Bursting
B
Where is the most likely use of FC as the communication protocol in storage?
A. DAS
B. NAS
C. SAN
D. Object-based
C
S3 is an example of which type of storage technology?
A. File-based
B. Object-based
C. Block-based
D. Folder-based
B
Which property is associated with thin provisioning?
A. Compression
B. Tiering
C. Strict reservations
D. Dynamic expansion
D
What type of replication strategy copies data to a redundant storage location immediately as data is written?
A. Asynchronous
B. Intra-region
C. Inter-region
D. Synchronous
D
Which AWS S3 technology allows for the cloning of original files before modification to them?
A. Encryption
B. Versioning
C. Bucket Mirroring
D. Object logging
B
Which migration type should be performed if you discover your app did not support virtualization properly?
A. V2P
B. V2V
C. P2V
D. P2P
A
What does "follow the sun" mean in terms of workload migrations?
A. You can safely ignore time zone concerns when provisioning resources
B. Services must be available at sun up in a certain region
C. Always use GMT when scheduling services
D. Never have a service running for more than 24 hours
B
To convey the identity of a user, which of the following is passed between a federation server and a domain?
A. Username and password
B. SID only
C. Password only
D. Token
D
Which of the following is not a major concern you should have when thinking about cloud technologies and security?
A. Consider applicable laws and regulations
B. Always use the latest in security technologies
C. Consider best practices for resources
D. Consider your company security policy
B
What does GRE offer for security when it tunnels IP traffic?
A. DES
B. AES
C. 3DES
D. Nothing
D
If you're engaged with a Google Cloud IaaS, which of the following should not concern you?
A. Disabling unneeded ports and services
B. Security patching for VMs
C. Installation of anti-malware on the VM
D. Physical security of the host
D
A user account that gains the needed permissions from a group membership is known as which of the following?
A. Mandatory access control
B. Open access
C. Non-discretionary access control
D. Discretionary access control
D
Within AWS, which security structure should be used to control the traffic flowing between your subnets in your VPC?
A. Security Group
B. Network ACL
C. Role
D. WAF
B
In cloud security, what does MFA stand for?
Multi-Factor Authentication
The organized, controlled collection and execution of many tasks is what in the cloud?
A. Scalability
B. Scripting
C. Automation
D. Orchestration
D
What is the point of a blue-green deployment model?
A. Both environments can serve requests increasing scalability
B. To permit testing, one of the two deployments is not active
C. Each deployment is in a different region to increase HA
D. Each deployment always runs a different code version
B
Which of the following is a small update designed to fix a flaw and is often considered an emergency measure?
A. Rollback
B. Hotfix
C. Update
D. Patch
B
Which of the following backs up everything since the last full backup?
A. Differential
B. Daily
C. Read only replica
D. Incremental
A
Regarding your disaster recovery method, which of the following should be a key consideration?
A. Hypervisor type
B. Bandwidth
C. API selection
D. Hardware vendor
B
In AWS, different Availability Zones are located in which construct?
A. Regions
B. Data Centers
C. Areas
D. Continents
A
Regarding cloud technology, what does BCP stand for?
A. Backup Colocation Procedure
B. Big Compute Processing
C. Business Progress Planning
D. Business Continuity Plan
D
Which of the following is not an example of a maintenance task we would automate in a cloud environment?
A. Cleanup of orphaned resources
B. Clearing of log files
C. Provision and deployment of a new firewall
D. Removal of inactive accounts
C
Which of the following is related to monitoring and can be defined as an occurrence that is out of the ordinary?
A. Event
B. Correlation
C. Baseline
D. Anomaly
D
Within IT, what does CMDB stand for?
A. Cloud Management Database
B. Configuration Management Database
C. Cloud Management Data Block
D. Configuration Monitoring Database
B
Which of the following permits dynamic elasticity?
A. Auto Encryption
B. Auto Scaling
C. Replication
D. Auto Migration
B
Which of the following is not a typical account lifecycle event?
A. Deletion
B. Creation
C. Move
D. Deactivation
C
Following the deployment of your cloud resources, which of the following would you most likely not be monitoring?
A. CPU utilization
B. RAM utilization
C. Root account access
D. Storage utilization
C
You've decided to provide a web application and scale it by using many small Linux instances. Adding four instances and load balancing between them over the last month is an example of which of the following?
A. Scaling up
B. Scaling out
C. Scaling down
D. Scaling in
B
Which of the following might govern how we need to report metrics for our cloud infrastructure? (Choose two)
A. Based on SLA
B. Public cloud vendor requirement
C. Corporate policy
D. Third party mandate
AC
Order these troubleshooting methodology steps with the first step on top to the last step on the bottom.
A. Establish a theory
B. Implement preventative measures
C. Establish a plan of action
D. Identify the problem
DACB
While troubleshooting your cloud issue, you discover there are multiple problems. Which of the following should you do?
A. Group the problems together and solve holistically
B. Escalate
C. Approach each individually
D. Begin the establishment of a new theory
C
If a top-to-bottom troubleshooting approach is used, which layer of the OSI model should you start with?
A. Physical
B. Application
C. Network
D. Presentation
B
You've discovered that your theory of probable cause for a cloud issue is not correct. Which of the following are common next steps? (Choose two)
A. Adopt the "divide and conquer" approach
B. Escalate
C. Document your results
D. Establish a new theory
BD
When developing your plan of action, it is most important to consider which of the following?
A. Speed of change
B. Costs
C. Potential effects
D. Ease of documentation
C
Which of the following is the least critical to document?
A. Findings
B. Time per phase
C. Actions
D. Outcomes
B
Why is the phrase "noisy neighbor" often used in Cloud?
A. Contention for shared resources
B. SLA failures
C. Lack of monitoring tools
D. Global regions
A
Which of the following is a common measurement tool for performance statistics that provides a starting point?
A. Set
B. Baseline
C. Group
D. SLA
B
Regarding automation, why is the need to troubleshoot so common? (Choose two)
A. Newness of the approach
B. Level of complexity
C. Stability of the Internet
D. Lack of feedback
BD
Which network component might cause an issue even though its design is to improve network performance?
A. NAT
B. SNMP
C. QoS
D. Virtualization
C
Which of the following might you need to adjust in order to ping test your EC2 instance?
A. Security Group
B. S3
C. IAM
D. KMS
A
Regarding certificates and your cloud infrastructure, which of the following are common issues? (Choose two)
A. Expiration
B. Corruption
C. Misconfiguration
D. Public key capture
AC
Triple Data Encryption Standard (3DES)
A symmetrical cipher. Three encryption keys of various lengths are used. The first key is used to encrypt a block of data, a second key is then used to decrypt the block, and a third key is used to encrypt it again. This triple encryption function on each block of data is reversed to decrypt the data.
Address Resolution Protocol (ARP)
The protocol that determines the mapping of an IP address to the physical MAC address on a local network.
Advanced Encryption Standard (AES)
This is a symmetrical block cipher. Approved and adopted by many governments, including the United States and Canada, to encrypt sensitive data. Adopted as a standard by the National Institute of Standards and Technology.
anomaly
A metric that is either above or below your expectations.
application life cycle
The management of a software application from the initial planning stages through to its retirement.
application programming interface (API)
The means to programmatically access, control, and configure a device between different and discrete software components.
asynchronous replication
Writes the data to the primary storage location and then later sends copies to the remote replicas. With asynchronous replication, there will be a delay as the data is copied to the backup site and becomes consistent because it uses a store-and-forward design.
authentication
The process of determining the identity of a client usually by a login process.
automation
Software systems operating in a cloud provider's data center that automate the deployment and monitoring of cloud offerings.
autoscaling
The dynamic process of adding and removing cloud capacity.
availability
Percentage of service uptime. It is the total uptime versus the total time.
availability zones
Isolated locations within data center regions from which public cloud services originate and operate.
backup target
The endpoint or storage system where the backup data is to be stored.
backup window
The time available for the backup operation to run while the target storage system is either offline or lightly used.
bare metal
Server hardware including motherboards and storage, processing, and networking components. A bare-metal server does not run a hypervisor.
baseline
Collected data that provides trend analysis and capacity utilization information measured over time to determine average or expected metrics of a service in normal operation; a point-in-time view of operations that needs to be constantly tracked as part of your ongoing operations.
Business Process as a Service (BPaaS)
This is when a company outsources to the cloud many business applications, such as inventory, shipping, supply chain finance, and other business software applications.
business continuity plan
A plan that recognizes there are inherent threats and risks that can have a detrimental effect on a company and that defines how to protect the company assets and be able to survive a disaster. This gives an organization the ability to continue operations and to deliver products and services after an event that disrupts its operations.
Communications as a Service (CaaS)
It includes cloud-hosted voice, video conferencing, instant messaging, e-mail, collaboration, and other communication services.
capacity
The end-to-end metric for maximum available network bandwidth and utilized capacity, or rate, from source to destination. It can also be the maximum amount that something can contain or, in the case of cloud resources, the maximum supported capacity of any object or service.
change advisory board
Supports the change management team by reviewing, sequencing, and approving changes that have been requested; by determining the priorities; and by planning for all upcoming changes.
change approvals
The process dedicated to approving or denying all change requests submitted by an organization's IT operations.
change management
The process of managing all aspects of ongoing upgrades, repairs, and reconfigurations.
cipher
Any method of encrypting data by concealing its readability and meaning.
cloud bursting
Elasticity model where a primary data center carries the current compute load, and when additional capacity is required, a remote cloud can assist with the load.
cloud computing
Outsourcing of data center operations, applications, or any part of operations to a provider of computing resources.
cloud management
To make sure a cloud deployment is optimized for the applications, meets performance agreements, is secure, has no faults or alarms, and is configured correctly; also that all accounting data is collected.
cloud object storage
Storage data such as a common file that is paired with metadata and combined into a storage object.
cloud segmentation
The process of dividing the cloud deployment into small sections to allow for granular security policies to be applied.
cloud service models
Standardized cloud service offerings.
clusters
Groups of computers interconnected by a local area network and tightly coupled together.
co-location
A shared data center operation offered by a service provider.
cold site
When the backup data center is provisioned to take over operations in the event of a primary data center failure but the servers and infrastructure are not deployed or operational until needed.
command-line interface (CLI)
A text-based interface tool used to configure, manage, and troubleshoot devices.
compute pools
When the hypervisor virtualizes the physical CPU into virtual pools that are allocated by the hypervisor to virtual machines.
configuration management
Central repository where configurations are stored and archived. These systems also track any changes that were performed and who made the change.
console port
Serial port for CLI access.
consumer
A company or organization that purchases and uses cloud computing services.
CPU affinity
The ability to assign a processing thread to a core instead of having the hypervisor dynamically allocate it.
CPU wait time
The time that a process or thread has to wait to access a CPU for processing.
Desktop as a Service (DaaS)
This is a virtual PC desktop that is hosted in the cloud and accessed remotely by thin clients.
data archiving
The movement of inactive data, infrequently accessed data, or data that is no longer being used, to a separate storage facility for long-term storage.
data center
A facility housing computing systems.
data classification
Organizing data into different tiers or categories for the purpose of making data available as required and to meet regulatory requirements, mitigate risk, manage risk, and secure data.
database utilization
The measurement of database activity usually measured in I/O requests per second.
default network
A router interface on the local subnet that connects to the outside world. It gives computers on one network a path to other networks.
demilitarized zone (DMZ)
A section of the network that often hosts systems and servers that need to be accessed by the outside world via the Internet as well as internally.
development networks
Networks used in the creation and testing of new cloud-based services and primarily used by software programmers and DevOps groups.
Dynamic Host Configuration Protocol (DHCP)
Automatically downloads network configurations to a device on request to avoid static configurations.
Department of Defense Information Assurance Certification and Accreditation Process (DIACAP)
The process for computer systems' IT security. DIACAP compliance is required to be certified to meet the U.S. Department of Defense security requirements for contractors.
dig
A Linux command-line utility used to resolve hostnames to IP addresses using a DNS name server.
Discretionary access controls
Give users the ability to grant or assign rights to objects and make access decisions.
Domain Name System (DNS)
Resolves a hostname to an IP address to connect to a remote device. The DNS server contains a hostname to an IP address mapping database.
Digital Signature Algorithm (DSA)
An asymmetrical encryption that uses a private key and a public key. PKI is the framework that uses protocols such as DSA for encryption. With PKI and DSA, the common implementation is an asymmetrical protocol using a public and private key pair such as DSA to set up an encrypted connection to exchange symmetrical keys. Then the symmetrical keys are used to perform bulk encryption and decryption since they are faster and require less processing.
durable storage
Storage volumes that retain data if the virtual machine is removed or deleted.
elasticity
The ability to automatically and dynamically add resources such as storage, CPUs, memory, servers, and network capacity.
ephemeral storage
Storage volumes that do not retain data if the virtual machine is removed or deleted.
event correlation
A method or process that makes sense out of a large number of reported events from different sources and identifies the relationships between the events.
extended metadata
An extended list of data that can be attached to a data file for detailed index schemas.
extending the scope
To add new features and capacity to your cloud deployment.
fault tolerance
A system that will remain operational even after there has been a degradation of its systems.
federations
Multiple organizations sharing the same application. The federated identity management approach allows all participants to consolidate resources. Users share a common set of policies and access rights across multiple organizations.
Federal Risk and Authorization Management Program (FedRAMP)
A U.S. federal government-wide program that outlines the standards for a security assessment, authorization, and continuous monitoring for cloud products and services.
file backups
Backups of storage folders and files that you selected with your backup software to another storage location for later access.
FIPS 140-2
National Institute of Standards and Technology (NIST) publication that coordinates the requirements and standards for cryptography modules.
Federal Information Security Management Act (FISMA)
It is a U.S. federal law that outlines the framework to protect federal government information, operations, and facilities.
File Transfer Protocol (FTP)
It is used to send and receive files between systems on a network using a standard command set.
File Transfer Protocol Secure (FTPS)
The encrypted version of the File Transfer Protocol used to securely send and receive encrypted data.
Generic Routing Encapsulation (GRE)
A standardized network tunneling protocol that is used to encapsulate any network layer protocol inside a virtual link between two locations. GRE is commonly used to create tunnels across a public network that carries private network traffic.
graphical user interface (GUI)
A graphical representation commonly used to create, configure, manage, and monitor cloud resources and services.
harden
The process of disabling all unused services, ports, and applications on a server to make it as secure as possible.
high availability
The ability of a resource to remain available after a failure of a system.
Health Insurance Portability and Accountability Act (HIPAA)
Defines the standard for protecting medical patient data. Companies that work with protected health information must ensure that all the required physical, network, and process security measures are in place and followed to meet these compliance requirements.
horizontal server scalability
Server capacity additions to respond to increased server workload.
hot site
Two fully redundant cloud data centers in sync with each other, with the standby site backing up the primary in real time in the event of a failure.
hotfix
A software update type that is intended to fix an immediate and specific problem with a quick release procedure.
Hypertext Transfer Protocol (HTTP)
A communications protocol that is used primarily on web browsers to access World Wide Web servers in the cloud.
Hypertext Transfer Protocol Secure (HTTPS)
Provides an encrypted connection from the client to the server to protect against the interception of critical information such as e-commerce or banking websites.
Infrastructure as a Service (IaaS)
The consumer is able to provision processing, storage, networks, and other fundamental computing resources and is able to deploy and run arbitrary software, which can include operating systems and applications.
ifconfig
A Linux command-line utility used to verify and configure the local network interfaces.
image backups
Copies of complete hard drive volumes. They are also often called disaster backup, cloning, ghosting, image backups, or block-level backups.
in-house computing
Computing systems hosted and managed by a company.
instance initialization time
The time required to start a new compute instance.
intrusion detection systems (IDSs)
Detect suspicious activity on the network in real time, by passively monitoring traffic looking for signatures of network activity that indicate an intrusion based on predefined rule sets, and generate alerts.
intrusion prevention systems (IPSs)
Detect suspicious activity on the network in real time, by passively monitoring traffic looking for signatures of network activity that indicate an intrusion based on predefined rule sets, and actively shut down the intrusion.
IP Security (IPsec)
A framework or architecture that uses many different protocols to provide integrity, confidentiality of data, and authentication of data on a TCP/IP network.
ipconfig
A Windows command-line utility used to verify and configure the local network interfaces.
International Organization for Standardization (ISO) 27001
A standard for quality that ensures a cloud provider meets all regulatory and statutory requirements for its product and service offerings.
ITAR
Restricts information from being disseminated to certain foreign entities that could assist in the import or export of arms. ITAR is a list of data security requirements that cloud companies can certify as being compliant with to meet this U.S. requirement.
JavaScript Object Notation (JSON)
A lightweight data-interchange format standard that is easily readable and easy for computing systems to parse and to generate.
jitter
The variable delay between packets from source to destination.
jumbo frame
Ethernet frame larger than the standard 1,518 bytes.
L2TP
A remote access communications protocol that is a common method to connect to a remote device over the Internet.
load balancing
Allows for many servers to share an application load, redundancy, and scalability by allocating traffic to many devices instead of to a single device.
load testing
Testing that puts a demand or load on your application or compute system and measures the response.
local backup
Created when data in a data center is stored on its primary storage array and a backup operation is performed.
logging
The detailed transaction records generated by all elements in the cloud for the transactions and interactions of a device or system.
mainframe computers
Large centralized computing systems.
maintenance window
A scheduled time that maintenance can be performed and outages are planned for ongoing support of operations.
Managed Security as a Service (MSaaS)
Specialize in cloud-based managed security services.
mandatory access control (MAC)
Highly controlled systems where the access is defined by strict levels of access that are common in secure environments such as defense or financial systems.
tracert/traceroute
A command-line utility used for network path troubleshooting. This utility shows the routed path a packet of data takes from source to destination.
Maximum Transmission Unit (MTU)
The standard largest Ethernet frame size that can be transmitted into the network: 1,518 bytes.
mean time between failure (MTBF)
The life expectancy of a hardware component, in other words, how long it is expected to operate before a failure.
mean time system recovery (MTSR)
The time for a resilient system to complete a recovery from a service failure.
thick provisioning
The allocation of all the requested virtual storage capacity at the time the disk is created.
thin provisioning
The allocation of the minimum amount of the requested virtual storage capacity required at the time the disk is created.
task runtime
The time to run a task from the task request to task completion.
mean time to repair (MTTR)
The time required to repair a damaged hardware component.
mean time to switchover (MTSO)
The time required from when a service failure occurs to when the backup system resumes operations.
memory ballooning
A hypervisor function that allows the hypervisor to reclaim unused memory from a VM running on top of the hypervisor and allocates that memory for other uses.
Telnet
A virtual terminal application that allows for command-line logins to a remote device.
templates
Software representations of network systems. By using these templates, you can deploy complete cloud systems at a single time.
subnet mask
Segments an existing IP address in a TCP/IP network and divides the address into network and host addresses. Subnetting can further divide the host portion of an IP address into additional subnets to route traffic within the larger subnet.
memory pools
When the hypervisor virtualizes physical RAM into pools that are allocated for use to the virtual machines.
metadata
Part of a file or sector header in a storage system that is used to identify the content of the data.
metric
A standard of measurement that defines the conditions and the rules for performing the measurement and for understanding the results of a measurement.
swap file
A file on a hard disk used to provide space for programs that have been transferred from the processor's memory.
synchronous replication
The process of replicating data in real time from the primary storage system to a remote facility. Synchronous replication writes data to both the primary storage system and the replica simultaneously to ensure that the remote data is current with local replicas. Data is always consistent between replicas.
storage pools
When the hypervisor virtualizes physical storage capacity into storage pools that are allocated for use to the virtual machines.
mirrors
A site that is updated constantly with data files and server information in case of a primary site failure. The mirror can assume processing and availability. Also, with the use of mirroring, multiple sites can be active at the same time for availability, geographical proximity, capacity management, and high-demand purposes.
Motion Picture Society of America (MPAA)
Published best practices for storing, processing, and delivering protected media and content securely over the Internet.
multifactor authentication
An access control technique that requires several pieces of information to be granted access. Multifactor implementations usually require you to present something you know, such as a username/password combination, and something you have, such as a smart card, fingerprint, or a constantly changing token number off an ID card.
storage scalability
The amount of storage that can be added to increase capacity because of increased workloads.
storage total capacity
The measurement of storage devices or volume capacity.
Service Organization Controls (SOC 3)
Report for public disclosure of financial controls and security reporting.
netstat
Network statistics utility found in Windows and Linux used to see which network connections are open to remote applications.
network capacity
The available network capacity usually measured by bandwidth.
storage area network (SAN)
A network that is dedicated to storage traffic and is high speed and highly redundant.
network latency
The delay, or time, it takes for data to traverse a network; the time measurement of a network packet to travel from source to destination.
network time protocol
A protocol that allows all devices to synchronize to a central clock, or time service.
National Institute of Standards (NIST)
National Institute of Standards. This is a U.S. federal organization that defines cloud computing standards and models.
nondurable storage
Storage volumes that do not retain data if the virtual machine is removed or deleted.
Service Organization Controls (SOC 1)
Report (also known as SSAE 16 and ISAE 3402). This is a report that outlines controls on a service organization and the internal controls of financial reporting operations.
Service Organization Controls (SOC 2)
Report that concerns a business's nonfinancial reporting controls for availability, confidentiality, privacy, processing integrity, and security of a system.
single sign-on (SSO)
Allows a user to log in just one time and be granted access rights to multiple systems.
Simple Mail Transfer Protocol (SMTP)
This is used to send e-mail messages between mail servers.
nslookup
Windows-based command-line utility used to resolve hostnames to IP addresses using a DNS server.
obfuscation
A means to complicate, confuse, or bewilder. It is used to hide information in stored data in the cloud.
snapshot
An instance-in-time image for rollbacks or backups.
service level agreement
A document that outlines specific metrics and the minimum performance or availability level and outlines the penalties for failing to meet the metrics.
object
An item that can be accessed and manipulated in the cloud. It is a cloud component where you can define the measurements that are sent to monitoring systems to collect operational data.
object ID
A pointer to a stored piece of data that is a globally unique identifier.
off-premise
Computing resources hosted remotely from a company's data center.
service provider
A company that hosts computing systems and sells computing to consumers.
Secure File Transfer Protocol (SFTP)
This is a network file exchange protocol that encrypts the data before sending it over the network.
Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
Protocols that operate on top of TCP and provide an encrypted session between the client and the server.
offline storage
Storage that requires an administrator to make it available by inserting a tape or other media into a storage system for retrieval. Offline storage can be transported to remote storage facilities or stored in vaults for protection.
on-demand
The ability of consumers to access self-service portals to create additional cloud services on demand.
security policy
A document that defines your company's cloud controls, organizational policies, responsibilities, and underlying technologies to secure your cloud deployment.
server capacity
Usually a measurement of the total number of CPUs, CPU frequency, RAM, and storage capacity.
on-premise
Creating and hosting cloud services in-house in a private enterprise data center.
online storage
A storage system that can be accessed at any time without the requirement for a network administrator to mount the media into a storage system.
Secure Shell (SSH)
A virtual terminal application that supports an encrypted connection to remote devices using a command-line interface.
runbooks
Software processes that perform automated tasks and responses that simplify and automate repetitive tasks.
orchestration
Orchestration systems coordinate and process tasks, functions, and workflows of cloud operations without the need for human intervention.
orchestration platforms
Cloud software used to deploy and manage cloud services.
Software as a Service (SaaS)
The consumer can use the provider's applications running on a cloud infrastructure.
scripting
A method of running configuration commands in the cloud to automate cloud deployments and security services.
orphaned resources
Cloud-based services that are left over when a service terminates and are no longer needed or used.
outage time
The total time of a single outage measured from when the outage began until it ended.
Platform as a Service (PaaS)
The consumer is able to deploy onto the cloud infrastructure applications created using programming languages and tools supported by the provider.
roll back
The process of returning software to a previous state.
route command
A command-line utility that displays the workstation's or server's local routing tables.
RSA
An asymmetrical encryption that uses a private key and a public key. PKI is the framework that uses protocols such as RSA for encryption. With PKI and RSA, the common implementation is an asymmetrical protocol using a public and private key pair such as RSA to set up an encrypted connection to exchange symmetrical keys. Then the symmetrical keys are used to perform bulk encryption and decryption since they are faster and require less processing.
packet loss
The percentage or number of packets that are dropped in the network.
patch
Software that is intended to update an application, operating system, or any other software-based system to fix or improve its operations.
pay-as-you-grow
When the consumer pays for only the cloud services used.
Representational State Transfer (REST)
A protocol that communicates between devices over HTTP/HTTPS. This is a method of providing device communications over IP networks.
resource pooling
The allocation of compute resources into a group, or pool. Then these pools are made available to a multitenant cloud environment.
response time
The time to complete an operation.
Payment Card Industry-Data Security Standard (PCI-DSS)
It sets the requirements to guarantee that companies that process, store, or transmit credit card information offer secure processing and handling of credit card data.
penetration testing
The process of testing your cloud access to determine whether there is any vulnerability that an attacker could exploit.
ping
Command-line utility used to verify that a device is available on the network and to get a reading of the response time at that moment in time.
role-based access control (RBAC)
A method in which access rights are granted to, or restricted from, users based on which roles they perform in an organization.
replicas
Backup copies of data that can be stored either locally or remotely that can act as alternative data stores from your main production operations.
replication
The process of placing copies of stored data on more than one system for disaster recovery and resiliency purposes.
Point-to-Point Tunneling Protocol (PPTP)
Allows a remote PC or network to access a remote network, such as a cloud, by encapsulating PPP packets inside of GRE tunnels.
recovery time objective (RTO)
The amount of time a system can be offline during a disaster. It is the amount of time it takes to get a service online and available after a failure.
regions
A geographical area of presence for cloud service providers.
private cloud
A cloud model that is used by a single organization.
privilege escalation
A user or service receiving account privileges that they are not allowed to possess.
production networks
Networks that host the live and in-use applications that are usually public-facing in the cloud.
reliability
The measurement—usually, as a percentage—of successful service operations compared to the total number of operations.
Rivest Cipher 4 (RC4)
This uses a shared key to encrypt and decrypt a stream of data. RC4 was commonly used to secure wireless connections and web transactions as an encryption protocol used in SSL.
Rivest Cipher 5 (RC5)
This is the replacement for RC4. It is also a symmetrical block cipher algorithm that uses a variable-length key.
public key infrastructure (PKI)
A standardized set of roles, policies, and procedures used to create, manage, distribute, use, store, and revoke digital certificates and manage public/private key encryption.
Redundant Array of Independent Disks (RAID)
Redundant Array of Independent Disks. It involves combining physical disks to achieve redundancy.
Python
A high-level programming language.
quality assurance networks
Networks that are for ongoing offline maintenance to test a company's applications and software systems.
quality of service (QOS)
A general networking term for the ability of the network to provide differentiated services based on information in the Ethernet packet.
recovery point objective (RPO)
The restore point you recover to in the event of an outage. The RPO is the amount of data that may be lost when restarting the operations after a disaster.
Redundant Array of Independent Disks, RAID level 1 + 0 (RAID 1+0)
The creation of two separate RAID 1 arrays using RAID 0 to mirror them.
Redundant Array of Independent Disks, RAID level 5 (RAID 5)
It stripes file data, and check parity is stored over all the disks in the array. If any disk in a RAID 5 array fails, the parity information stored across the remaining drive can be used to re-create the data and rebuild the drive array.
Redundant Array of Independent Disks, RAID level 6 (RAID 6)
RAID level 6. This is an extension of the capabilities of RAID 5. In a RAID 6 configuration, a second parity setting is distributed across all the drives in the array. RAID 6 can suffer two simultaneous hard drive failures and not lose any data.
Redundant Array of Independent Disks, RAID level 0 (RAID 0)
A block of data is stored across two or more disks. The file is stored across more than one hard drive. RAID 0 provides no redundancy or error detection, so if one of the drives in a RAID 0 array fails, all data is lost.
Redundant Array of Independent Disks, RAID level 0 + 1 (RAID 0+1)
Stripes data to be stored first (RAID 0); then the stripe set is written to the mirror (RAID 1).
Redundant Array of Independent Disks, RAID level 1 (RAID 1)
A complete file is stored on a single disk, and then a second disk contains an exact copy of the same file stored on the first disk.
Random access memory (RAM)
A memory resource in a bare-metal server.
trigger
The process of initiating an event report based on a metric value or threshold that is considered to be outside your baseline.
troubleshooting
The process of diagnosing the cause of an impairment and resolving the issue.
ubiquitous access
The ability to access cloud services from anywhere in the network from a variety of devices.
Unified Communications as a Service (UCaaS)
This typically includes voice, video conferencing, instant messaging, e-mail, collaboration, and all other communication services that are hosted in the cloud.
variance
The measurement of the spread between the baseline and measured result.
Virtual Desktop Infrastructure (VDI)
This consists of cloud-hosted PC desktops accessed remotely.
version update
Replacing a software product with a newer version of the same product. Version updates can add new features, bring the system up-to-date, provide a rollup of all previous patches, and improve the product.
vertical server scalability
Server capacity fluctuations in response to workload fluctuations. This is from additional resources or expansion of an individual server.
virtual CPU
A physical CPU that has been re-imaged as a virtualized version of the physical CPU and assigned to a virtual machine or VM, in other words, the hardware abstraction of a physical CPU that is a virtualized representation of the CPU. VMs running on the hypervisor will use these virtual CPUs for processing.
virtual NICs
The hardware abstraction of a physical network interface card that is a virtualized representation of the NIC. VMs running on the hypervisor will use these for network connectivity to a vSwitch.
virtual private network (VPN)
Allows for a secure encrypted network connection over an insecure network such as the Internet.
virtual switch
The hardware abstraction of a physical network switch that is a virtualized representation of the switch. The vSwitch runs on the hypervisor and interconnects the VMs to the physical data network.
virtualization
Hardware abstraction that allows a single piece of physical equipment to be presented to software systems and multiple platforms.
Virtual private network (VPN)
This is a secure and usually encrypted connection over a public network.
vulnerability scanning
A software application that is used to find objects in your cloud deployment that can be exploited that are potential security threats. The vulnerability scanner is an application that has a database of known exploits and runs them against your deployment.
warm site
A disaster recovery backup site where the remote is offline except for critical data storage, which is usually a database. The rest of the site infrastructure needs to be enabled.
web server utilization
The measurement of load on a web server. This is usually measured in requests per second.
well-known port numbers
Applications that are assigned their own unique port number in the TCP/IP specification.
workflow
A series of steps or activities required to complete a task.
workflow automation
Defines a structured process for a series of actions that should be taken in order to complete a process.
workflow services
Track a process from start to finish and sequence the applications that are required to complete the process.
Everything as a Service (XaaS)
This is a complete IT services package that is a combination of many different types of cloud services.
Extensible Markup Language (XML)
This standard is a flexible way to describe data, create information formats, and electronically share structured data between computing systems.