A company is required to ensure all access to its cloud instance for all users to utilize two-factor authentication.
The QA team confirms all functional requirements successfully test. After deployment, all business users report the two-factor authentication is not enforced while accessing the instance.
Which of the following would be the MOST likely reason the QA team did not catch the issue?
- A . The business users are using the wrong hardware token to log in.
- B . The administrator configured to use two-factor authentication by default.
- C . The QA team only tested functional requirements.
- D . The business users are accessing the instance located in their country.
A customer wants to remove a user’s access to the SaaS CRM system.
Which of the following methods should be executed FIRST?
- A . User account removal
- B . User account lockout
- C . User account password change
- D . User account disablement
IaaS users are reporting longer than expected wait times when accessing the virtual file repository. There are more than 2TB of free disk space, and vCPU and vRAM do not reach more than 75% utilization. In which of the following ways should the cloud systems administrator analyze this issue?
- A . Access the cloud services portal and increase the amount of available disk space by 25%.
- B . Access the cloud services portal and check the amount of CPU and RAM on the host machine.
- C . Access the cloud services portal and look at the historical performance numbers.
- D . Access the cloud services portal and check the security log for access denied requests.
A recent advertisement campaign has increased traffic to an e-commerce application that is hosted within a public cloud environment. Customers are reporting that it takes too long to load their pages and submit orders. A cloud administrator looks at the metrics from the environment and sees high utilization of the CPU and memory resources. The cloud provider offers several preconfigured sizes for server template: x-small, small, medium, large, x-large, and 2x-large.
Given an expected increase in workload, which of the following is the BEST solution to improve application performance?
- A . Change the server template size for Inxpc003 to 2x-large.
- B . Provision additional Inxpc servers using the 2x-large template.
- C . Add memory to Inxpc002, Inxpc003, and Inxpc003.
- D . Change the role of Inxw001 from web to application.
A consultant is helping a gaming-as-a-service company set up a new cloud. The company recently bought several graphic cards that need to be added to the servers.
Which of the following should the consultant suggest as the MOST cost effective?
- A . Private
- B . Public
- C . Community
- D . SaaS
A
Explanation:
Reference: https://searchcloudcomputing.techtarget.com/definition/private-cloud
A technician receives a report of system utilization:
Which of the following additional resources should the technician add FIRST given the trend data shown above?
- A . CPU
- B . Disk
- C . Bandwidth
- D . RAM
The administrator at a SaaS provider wants to improve security of the systems hosting the SaaS application. The administrator has created a script that monitors malware research sites and automatically creates and uploads signatures when new vulnerabilities are announced.
To which of the following security services is the script MOST likely to upload these signatures?
- A . Proxy
- B . VPN
- C . Firewall
- D . IDP
An automation performs the following on a monthly basis:
– Disable accounts that have not logged on in the last 60 days
– Remove firewall rules with zero hits in the last 30 days
– Remove DNS entries that have not been updated in the last 60 days
– Archive all logs that are more than 30 days old
Six weeks after this new automation is implemented, an internal client reports that quarterly replication failover testing has failed.
Which of the following is the MOST likely cause of the failed test?
- A . Disabling accounts
- B . Removing firewall rules
- C . Removing DNS entries
- D . Archiving logs
B
Explanation:
Reference https://cloud.google.com/vpc/docs/using-firewall-rules-logging
An organization is replacing its internal human resources system with a SaaS-based application. The solution is multi-tenant, and the organization wants to ensure ubiquitous access while preventing password replay attacks.
Which of the following would BEST help to mitigate the risk?
- A . Implement destination resources authentication.
- B . Require and implement two-factor authentication.
- C . Remove administrator privileges from users’ laptops.
- D . Combine network authentication and physical security in one card/token.
A cloud administrator has finished building a virtual server template in a public cloud environment. The administrator is now cloning six servers from that template. Each server is configured with one private IP address and one public IP address. After starting the server instances, the cloud administrator notices that two of the servers do not have a public IP address.
Which of the following is the MOST likely cause?
- A . The maximum number of public IP addresses has already been reached.
- B . The two servers are not attached to the correct public subnet.
- C . There is no Internet gateway configured in the cloud environment.
- D . The two servers do not have enough virtual network adapters attached.
A company’s security policy requires full disk encryption on all clients with preboot enabled. The encryption server is hosted, and the requirement is to push an update to all endpoints.
Which of the following is the BEST method to test and apply the update with minimal disruption to end users?
- A . Access the API of the encryption server, develop a custom script, and then update all endpoints.
- B . Access the web UI portal of the encryption server, apply the update to the test group, validate, and then update all endpoints.
- C . Add the update to the standard desktop configuration image, apply the update to a test VM, and then reimage clients.
- D . Access the web UI of the encryption server and disable preboot, apply the update, test, and then deploy the update to all endpoints.
A consumer is performing a comparison between different IaaS providers for upcoming cloud migrations.
Which of the following is the MOST appropriate option to make a comparison for the selection process?
- A . Hardware technology used
- B . Virtualization platform
- C . Backup services
- D . SLA offerings
A cloud administrator runs a maintenance script to remove unused resources. After the maintenance has been performed, users report they can no longer access the application website. The administrator confirms the server is up and responding on the proper ports.
Which of the following cleanup actions MOST likely caused the problem?
- A . Removing inactive accounts
- B . Removing outdated firewall rules
- C . Removing stale DNS entries
- D . Removing orphaned resources
A company is looking for a hardware feature with the least amount of downtime in terms of firmware upgrades.
Which of the following features BEST meet this requirement?
- A . In-service upgrades
- B . Rolling upgrades
- C . Failover upgrades
- D . User-mode upgrades
A company changed its policy to have seven-year data retention in the public cloud.
Which of the following would be the MOST cost-effective way to meet retention requirements?
- A . Site mirroring
- B . Automated archiving
- C . Replication
- D . Third-party sites
A SaaS customer reports that no one can access the application portal. After some troubleshooting, the cloud administrator finds a problem and provides a remedy by restarting the cluster. After documenting the solution, the support case is closed. Multiple tenants lose access to their hosts the following day.
Which of the following troubleshooting steps did the administrator miss?
- A . Identify the problem.
- B . Establish a theory.
- C . Verify full system functionality.
- D . Test the theory.
- E . Establish a plan of action.
A company is migrating its application to a cloud provider. Six months before going live, a
representative from each stakeholder group validated the functionality and performance in the QA environment and did not identify any issues. After going live, the system response time is slower that the testing environment.
Which of the following is the MOST likely gap in the testing plan?
- A . The test scenario audiences are different between QA and production.
- B . The application version deployed in production is different than the one deployed in QA.
- C . System configuration testing in QA and production is different.
- D . The test plan in QA is different than the production environment.
A company has deployed a four-node cluster in a COLO environment with server configurations listed below. The company wants to ensure there is 50% overhead for failover and redundancy. There are currently eight VMs running within the cluster with four vCPUs x32GB each.
The company wants to better utilize its resources within the cluster without compromising failover and redundancy.
Given the information above, which of the following should a cloud administrator do to BEST accommodate failover and redundancy requirements?
- A . Ensure hyperthreading is being utilized with physical server CPUs.
- B . Ensure dynamic resource allocation is being utilized.
- C . Overcommit memory, and the systems will allocate resources as required.
- D . Set hard limits for VM resources and turn on hyperthreading.
A cloud engineer recently applied the troubleshooting process for a major connectivity issue.
Which of the following is the FINAL step in the troubleshooting methodology?
- A . Document findings, actions, and outcomes.
- B . Establish a plan of action to resolve the problem and implement the solution.
- C . Confirm the root cause of the issue.
- D . Verify full system functionality and, if applicable, implement preventive measures.
A company needs to meet the security requirements for PII.
Which of the following cloud service models allows the company to have the MOST control to meet the security requirements?
- A . SaaS
- B . IaaS
- C . PaaS
- D . XaaS
B
Explanation:
Reference: https://www.omg.org/cloud/deliverables/CSCC-Cloud-Security-Standards-What-to-Expect-and-What-to-Negotiate.pdf
A company has implemented a change management process that allows standard changes during business hours. The company’s private cloud hardware needs firmware updates and supports rolling upgrades.
Which of the following considerations should be given to upgrade firmware and make the change as transparent as possible to users?
- A . Implement the change as a standard change.
- B . Notify users before applying the change during the day.
- C . Fail the application over to perform the upgrade.
- D . Perform the change during off-hours to minimize the impact on users.
The InfoSec team has directed compliance database activity monitoring without agents on a hosted database server in the public IaaS.
Which of the following configurations is needed to ensure this requirement is achieved?
- A . Configure the agent configuration file to log to the syslog server.
- B . Configure sniffing mode on database traffic.
- C . Implement built-in database tracking functionality.
- D . Implement database encryption and secure copy to the NAS.
A cloud-based web store is experiencing poor website performance and unavailability.
Which of the following approaches would prevent the issue without administrator intervention?
- A . Install and deploy a load balancer in the front of the web server.
- B . Increase the computing resources to the web server.
- C . Increase the network’s bandwidth to handle the spike.
- D . Partner with a cloud provider to scale the required resources as needed.
A cloud architect is tasked with isolating traffic between subnets in an IaaS platform. The networks should be able to statefully communicate with each other.
Given this scenario, which of the following should the architect implement?
- A . Configure security groups.
- B . Configure HIPS policies.
- C . Configure IDS policies.
- D . Configure a network ACL.
A cloud administrator configures a new web server for the site https://companyname.com. The administrator installs a wildcard SSL certificate for *.companyname.com. When users attempt to access the site, a certificate error is received.
Which of the following is the MOST likely cause of the error?
- A . Certificate misconfigured
- B . Certificate expired
- C . Certificate revoked
- D . Certificate not signed
A company uses its own private cloud, which has few available resources. Mission-critical systems and other information systems are running on it. A new system will be deployed on the private cloud.
The following tests are included in the test plan:
✑ Load test (2h)
✑ Backup/restore test (6h)
✑ Functional test (8h)
✑ Failover test (1h)
The work schedule of the existing system is shown below.
To minimize the effect to the existing system, which of the following schedules is MOST suitable for the load test?
- A . 02:00-04:00
- B . 09:00-12:00
- C . 18:00-20:00
- D . 22:00-00:00
A new private cloud platform is being deployed by an engineer. SLA requirements state that any clusters should have a baseline redundancy sufficient to handle the failure of at least two hosts.
The engineer records the following metrics after the deployment:
Which of the following metrics is MOST likely to represent a violation of SLA?
- A . RAM utilization
- B . NIC utilization
- C . CPU utilization
- D . Disk utilization
A CSA is reviewing the deployment of an e-commerce application in a public cloud provider. The CSA wants to ensure the sizing is optimal to keep the cost of the environment down.
The available server configurations are as follows:
A review of the current system shows the following utilization information:
Which of the following should the CSA implement to ensure the MOST optimal sizing?
- A . Change the MW01, MW02, and MW03 servers to the MEDIUM instance type.
- B . Change the PROXY01 server to the MEDIUM instance type.
- C . Change the DB01 server to the LARGE instance type.
- D . Change the WEB01 server to the SMALL instance type.
A rural manufacturing company wants to move all IT services, including the industrial control systems, to the cloud.
Given this scenario, which of the following cloud services elements would be a challenge to the deployment?
- A . Computing capacity flexibility
- B . Industrial control system security
- C . Integrated service digital network
- D . Network broadband access
A technician uses a workflow to create new virtual servers in a private cloud. The workflow reports that the process was successful, but the virtual servers do not appear in the cloud dashboard.
Which of the following is the MOST likely reason the servers were not created?
- A . Job validation issue
- B . Location changes
- C . Version feature mismatch
- D . Bandwidth limitations
A user cannot consume SaaS services while working remotely. IP whitelisting is implemented to connect to a SaaS provider as a security mechanism.
Which of the following describes the MOST likely reason why the user cannot access the SaaS resources?
- A . The user is not utilizing VPN to connect to the home office.
- B . The user account does not exist in the SaaS provider.
- C . The user account is not assigned the correct role in RBAC policy.
- D . The user account has consumed all of the available subscriptions.
Email users report that it takes more than one minute to open emails, including those without attachments. There are three email instances in three different regions hosted by the same CSP. Other applications hosted by the same CSP have no reported issues.
Which of the following solutions BEST resolves the issue?
- A . Confirm that the email instances have sufficient bandwidth.
- B . Install monitoring software on the email instances.
- C . Check the antivirus software settings and disable real-time message scanning.
- D . Ensure the requested IOPS are being provided to the email instances.
An administrator defines a backup as follows:
✑ One weekly full backup
✑ Daily incremental backup
Which of the following BEST describes where the administrator would define this?
- A . Backup SLA document
- B . Backup orchestration workflow
- C . Backup schedule
- D . Provisioning schedule
A company is using storage-as-a-service from an IaaS provider for application services. The company has a mandate to protect personal information being stored on the cloud. The service provided includes encryption for in-transit data and requires a security solution for data-at-rest.
Which of the following should be deployed to secure the personal information?
- A . Implement data tokenization.
- B . Implement hardware-based encryption.
- C . Implement centralized key management.
- D . Implement database-embedded encryption.
C
Explanation:
Reference: https://info.townsendsecurity.com/definitive-guide-to-encryption-key-management-fundamentals
A company is using storage-as-a-service from an IaaS provider for application services. The company has a mandate to protect personal information being stored on the cloud. The service provided includes encryption for in-transit data and requires a security solution for data-at-rest.
Which of the following should be deployed to secure the personal information?
- A . Implement data tokenization.
- B . Implement hardware-based encryption.
- C . Implement centralized key management.
- D . Implement database-embedded encryption.
C
Explanation:
Reference: https://info.townsendsecurity.com/definitive-guide-to-encryption-key-management-fundamentals
A company is using storage-as-a-service from an IaaS provider for application services. The company has a mandate to protect personal information being stored on the cloud. The service provided includes encryption for in-transit data and requires a security solution for data-at-rest.
Which of the following should be deployed to secure the personal information?
- A . Implement data tokenization.
- B . Implement hardware-based encryption.
- C . Implement centralized key management.
- D . Implement database-embedded encryption.
C
Explanation:
Reference: https://info.townsendsecurity.com/definitive-guide-to-encryption-key-management-fundamentals
Identify the problematic device(s).
Instructions:
If at any time you would like to bring back the initial state of the simulation, please select the Reset button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.
Simulation
Router 2 is the problem and this should be selected. If you examine the preshared key used for the VPN you will see that it is not configured with the correct key. It is using Cloud002 while router1 is using Cloud001
Part 2:
Update the PSK (Pre-shared key in Router2)
Add the Application Server at on-premises to the Load Balancer
After deploying a VM with a baseline CPU utilization below 80%, a cloud engineer notices the current CPU utilization stays in the 95% to 99% range.
Which of the following describes how this should be fixed to BEST meet the baseline?
- A . Deploy an additional VM based on the baseline.
- B . Enable CPU hyperthreading.
- C . Increase the CPU amount on the VM.
- D . Add more RAM to the VM to decrease CPU utilization.
Based on demand, an IaaS provider wants to deploy a security application for its customers.
Which of the following is the BEST technique for the IaaS provider to apply this to target systems?
- A . Vendor application
- B . Scripting
- C . Orchestration
- D . Custom programming
A cloud implementation engineer successfully created a new VM. However, the engineer notices the new VM is not accessible from another network. A ping test works from another VM on the same subnet.
Which of the following is the MOST likely problem?
- A . Incorrect subnet
- B . Incorrect host IP address
- C . Incorrect VLAN
- D . Incorrect gateway
A cloud engineer is deploying a new application to a multicloud platform. After running the script, the engineer sees the VMs were not created on one of the cloud providers. The engineer confirms the proper credentials are being used for all cloud providers and there is available capacity.
Which of the following is the MOST likely cause of the deployment failure?
- A . The cloud provider was not available.
- B . The application does not have an adequate number of licenses.
- C . The additional cloud provider is in a separate time zone.
- D . The script created to be deployed does not match the cloud provider API.
A cloud administrator is receiving alerts that the disk on several systems is 90% full. Upon reviewing the systems, the administrator determines that the log directory is using 50% of the disk. The company has a 14- day retention policy for all logs.
Which of the following is the BEST solution to implement to minimize future alerts?
- A . Orchestrate a job to rotate the logs and upload to external storage.
- B . Delete any log files in the directory that are larger than 20MB.
- C . Archive the existing logs in the directory and upload to external storage.
- D . Add additional storage space to the log directory for the servers.
A new startup company is growing and wants to deploy a human resources management system on a private cloud that is only accessible to the human resources department.
Which of the following is the BEST method of access control?
- A . Discretionary access control
- B . Mandatory access control
- C . Non-discretionary access control
- D . Comprehensive access control
A cloud engineer is required to ensure all servers in the cloud environment meet requirements for PCI compliance. One of the requirements is to make certain all administrator logins and commands are logged.
Which of the following is the BEST approach to meet these requirements?
- A . Enable configuration change tracking for all servers in the public cloud provider’s dashboard.
- B . Enable detailed monitoring for all servers in the public cloud provider’s dashboard.
- C . Define and enable audit tracking rules on each server in the public cloud environment.
- D . Modify the cloud provider’s role-based authorization policies to log user session activity.
In a private cloud environment, which of the following is the BEST way to update 20 VMs with the same patch that has been regression tested and approved for rollout?
- A . Automate the distribution of the patch and use an orchestration tool to roll it out.
- B . Roll out the patch manually to the 20 VMs and reboot the system.
- C . Deploy the patch to ten VMs for testing and then install it on the remaining VMs.
- D . Install the patch on as many VMs as possible during the next maintenance window.
A cloud administrator for a state government agency is tasked with giving access to the voter registration application to a government agency in another state. Only authorized officials from each state should access the application. These agencies have a common environment where applications have been deployed in the past.
Which of the following should the cloud administrator do to give access to the application?
- A . Deploy part of the application into a public cloud and establish secure connections to a private cloud environment.
- B . Deploy the application to a community cloud that is shared with multiple state government agencies only.
- C . Deploy the application to a public cloud and implement ACLs and security access policies to limit access.
- D . Deploy the application to the state’s private cloud and give authentication credentials to the other state’s authorized officials.
A VM was deleted by mistake today at 11:05 a.m.
Below are the backups currently available for the VM:
Crash-consistent restore is acceptable.
Which of the following backups should be chosen?
- A . Snapshot from today at 11:00
- B . Full from three days ago at 00:00
- C . Incremental from today at 00:00
- D . Synthetic-full from yesterday at 12:00
While reviewing the auto-scaling events for a web application, a cloud engineer identified that the application upsized and downsized multiple times within the last hour.
Which of the following should the cloud engineer do NEXT?
- A . Add more systems into the scaling group.
- B . Review the load balancer configuration settings.
- C . Review auto-scaling policies to detect a misconfiguration.
- D . Monitor auto-scaling events for the next 24 hours.
A production IaaS database server contains PCI data and is a critical business capability. The CAB approved a normal code change release for QA and PROD to occur 30 minutes apart and to last a maximum of one hour. The cloud DBA team is 45 minutes behind schedule, so they miss the start time on QA.
As the cloud DBA, which of the following is the BEST course of action to apply the code change?
- A . Skip QA and apply the code change to PROD to meet time requirements
- B . Resubmit another change request for another time for approval
- C . Submit an emergency CAB approval to change the time to after business hours
- D . Change the time in the CAB request and apply the code change at a more convenient time
An administrator is implementing a new SaaS application. The administrator has been directed to enhance the user authentication experience.
Which of the following technologies BEST meets this requirement?
- A . Federation Services
- B . Multifactor authentication
- C . Biometric authentication
- D . Directory services
A
Explanation:
Reference: https://searchsecurity.techtarget.com/definition/two-factor-authentication
A customer has requirements for its application data to be copied into a second location for failover possibilities. Latency should be minimized, while RPO and RTO are over 15 minutes.
Which of the following technologies BEST fits the customer’s needs?
- A . Data mirroring
- B . Snapshot copies
- C . Storage cloning
- D . Asynchronous replication
B
Explanation:
Explanation:
Reference: https://cdn.armor.com/app/uploads/2015/09/27223157/Armor-disaster-recovery-white-paper.pdf
A cloud administrator is managing a VPC within an IaaS service model and needs to install quarterly updates.
Which of the following cloud components should the administrator update? (Choose three.)
- A . Network switches
- B . Hypervisor
- C . Storage array
- D . Storage switches
- E . Operating system
- F . Application
- G . Antivirus
- H . Load balancer
A company is seeking a new backup solution for its virtualized file servers that fits the following characteristics:
✑ The files stored on the servers are extremely large.
✑ Existing files receive multiple small changes per day.
✑ New files are only created once per month.
All backups are being sent to a cloud repository.
Which of the following would BEST minimize backup size?
- A . Local snapshots
- B . Differential backups
- C . File-based replication
- D . Change block tracking
B
Explanation:
Reference: https://www.acronis.com/en-us/blog/posts/tips-tricks-better-business-backup-and-recovery-world- backup-day
In an IaaS environment, the security team issues a new signature file to prevent specific malware threats from infiltrating the company network.
Which of the following describes where the security team should deploy the updated signatures?
- A . IDS
- B . Spam filter
- C . WAF
- D . NIPS
- E . HIPS
Ann, the lead product developer for a company, just hired three new developers. Ann asked the cloud administrator to give these developers access to the fileshares in the public cloud environment.
Which of the following is the BEST approach for the cloud administrator to take?
- A . Clone Ann’s account to create three new developer accounts.
- B . Distribute the credentials of Ann’s shared account to the three new developers.
- C . Copy the fileshares to each new developer’s laptop.
- D . Create a new role to access the fileshares and assign the three new developers.
A systems administrator created several new VMs on a private cloud and wants to ensure the new baseline still meets corporate guidelines.
The administrator finds the following new load numbers on the hosts:
If corporate policy requires N+1 host capacity, which of the following metrics is MOST likely to present a problem?
- A . CPU
- B . RAM
- C . DISK
- D . NETWORK
A company has hired a technician to build a cloud infrastructure for a massively parallel application.
Which of the following should the technician consider doing FIRST?
- A . Add a GPU to the VMs
- B . Configure the VMs to scale up automatically
- C . Allocate maximum bandwidth to the VMs
- D . Select the most compute cores for the VMs
A company has hired a technician to build a cloud infrastructure for a massively parallel application.
Which of the following should the technician consider doing FIRST?
- A . Add a GPU to the VMs
- B . Configure the VMs to scale up automatically
- C . Allocate maximum bandwidth to the VMs
- D . Select the most compute cores for the VMs
A company has hired a technician to build a cloud infrastructure for a massively parallel application.
Which of the following should the technician consider doing FIRST?
- A . Add a GPU to the VMs
- B . Configure the VMs to scale up automatically
- C . Allocate maximum bandwidth to the VMs
- D . Select the most compute cores for the VMs
A company has hired a technician to build a cloud infrastructure for a massively parallel application.
Which of the following should the technician consider doing FIRST?
- A . Add a GPU to the VMs
- B . Configure the VMs to scale up automatically
- C . Allocate maximum bandwidth to the VMs
- D . Select the most compute cores for the VMs
A company has hired a technician to build a cloud infrastructure for a massively parallel application.
Which of the following should the technician consider doing FIRST?
- A . Add a GPU to the VMs
- B . Configure the VMs to scale up automatically
- C . Allocate maximum bandwidth to the VMs
- D . Select the most compute cores for the VMs
A company has hired a technician to build a cloud infrastructure for a massively parallel application.
Which of the following should the technician consider doing FIRST?
- A . Add a GPU to the VMs
- B . Configure the VMs to scale up automatically
- C . Allocate maximum bandwidth to the VMs
- D . Select the most compute cores for the VMs
A company has hired a technician to build a cloud infrastructure for a massively parallel application.
Which of the following should the technician consider doing FIRST?
- A . Add a GPU to the VMs
- B . Configure the VMs to scale up automatically
- C . Allocate maximum bandwidth to the VMs
- D . Select the most compute cores for the VMs
A company has hired a technician to build a cloud infrastructure for a massively parallel application.
Which of the following should the technician consider doing FIRST?
- A . Add a GPU to the VMs
- B . Configure the VMs to scale up automatically
- C . Allocate maximum bandwidth to the VMs
- D . Select the most compute cores for the VMs
A company has hired a technician to build a cloud infrastructure for a massively parallel application.
Which of the following should the technician consider doing FIRST?
- A . Add a GPU to the VMs
- B . Configure the VMs to scale up automatically
- C . Allocate maximum bandwidth to the VMs
- D . Select the most compute cores for the VMs
Apply the network and security groups from the original region to the new VM.
An administrator is creating new severs in a public cloud. The workflow creates and application group with three VMs, one web server, one application server and one database server. The three VMs are all accessible via SSH, but the websites shows a 503-error referring to a database issue.
Which of the following is the MOST likely cause of the error?
- A . Misconfigured VLAN
- B . Misconfigured proxy
- C . Misconfigured firewall rule
- D . Misconfigure routing
C
Explanation:
Reference: https://support.microsoft.com/en-us/help/4464854/scenario-5-my-website-is-throwing-http-error-503-the-service-is-unavai
A service engineer is trying to determine why one of the company’s SaaS solution is no longer available. The internal systems are responding and other online applications using the same SaaS solution are responding as expected.
Which of the following is the MOST common cause of the availability issue?
- A . Cloud service provider outage
- B . Automation/orchestration issue
- C . Integration issue
- D . Subscription issue
A university is running a DNA decoding project that will take seven years if it runs on its current internal mainframe. The university negotiated a deal with a large cloud provider, which will donate its cloud resource to process the DNA decoding during the low peak time throughout the world.
Which of the following is the MOST important resource the university should ask the cloud provider to donate?
- A . A large storage for the DNA decoding results
- B . A larger pipe to transfer the results
- C . A closer datacenter to the university
- D . Any available compute resource
A backup solution for a new cloud environment must meet the following requirements:
* Use no more than two backup sets for a complete restore.
* Minimize backup space used.
* Support physical and virtual machines.
Which of the following BEST meets these requirements?
- A . Weekly full backups with daily incremental backups
- B . Weekly clones with daily incremental backups
- C . Weekly full backups with daily differential backups
- D . Weekly and daily snapshots via the hypervisor
A company has developed a SaaS product for the financial services industry. The Chief Executive Officer (CEO) of the SaaS company has engaged an independent third party to run tests against its platform.
Which of the following is the MOST likely test the third party has been engaged to perform?
- A . Penetration testing
- B . Load testing
- C . Vulnerability testing
- D . Functionality testing
A company moved its on-premises applications to several SaaS providers. As a result, the security team is concerned about accounts being compromised.
Which of the following should the security tem implement to reduce this risk?
- A . Multifactor authentication
- B . Single sign-on
- C . Federation
- D . Role-based access control
- E . Virtual private network
An entertainment company with a very large movie library is moving all of its production systems to an IaaS cloud. The current lease is expiring in the next month, and the company made a last-minute decision not to renew the lease.
Which of the following would be the MOST effective way to move all the data to the new cloud provider?
- A . Perform an offline storage migration.
- B . Perform an online storage migration.
- C . Perform an offline VM migration.
- D . Perform an online VM migration.
B
Explanation:
Reference: https://www.fujitsu.com/global/products/computing/storage/disk/eternus-dx/feature/storage-migration.html
An organization just went through a substantial audit, and the top findings were orphaned and inactive privileged accounts. Given the scenario, which of the following would be the BEST method for addressing these findings?
- A . SSO with federation integration
- B . ACLs and permissions verification
- C . Multifactor authentication
- D . Time-bound, just-in-time account provisioning
An administrator is deploying a new application platform with the following resource utilization:
Company policy requires that no resource utilization surpasses 80%.
Which of the following resources will need to be upgraded prior to deployment?
- A . Disk
- B . IOPS
- C . CPU
- D . Network
- E . RAM
A cloud administrator has to migrate from an on-premises to a public cloud. The administrator has 20 physical servers and 600 virtual instances to migrate within a month.
Which of the following should the administrator analyze?
- A . The maintenance window, network bandwidth, and virtual instances sizes.
- B . The virtual instances sizes, archive repository size, and maintenance window.
- C . The network bandwidth, systems restore point, and virtual instances sizes.
- D . The backup window, network bandwidth, and virtual instances sizes.
A cloud provider wants to automate the installation of standard applications and services as part of the PaaS environment. The provider generates scripts for installation and configuration, taking into account the values provided by the users as input. The scripts need to be run automatically as part of the provisioning process and reused later for other purposes.
Which of the following would help the provider do this?
- A . Provisioning
- B . Orchestration
- C . Self-service portal
- D . Baselines
B
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/automation/automation-intro
A cloud performance engineer is asked to review the usage and resource utilization from last quarter and then provide analysis and a recommendation. The data shown in the exhibit is collected and plotted for analysis.
In addition to investigating the alarms, which of the following is the BEST recommendation for the engineer to provide?
- A . Migrate to a different cloud provider to improve performance.
- B . Monitor utilization to ensure it does not exceed 80%.
- C . Enable hyperthreading and add memory to allow for growth.
- D . Add more CPUs to lower the utilization.
Recent feedback from an employee engagement survey stated that users are frustrated with multiple logins to different SaaS providers, and the cloud engineering teams is directed to address this issue and implement a solution. The security policy states that users must access the SaaS from approved IP addresses.
Which of the following is the BEST and most efficient solution to deploy?
- A . Deploy an IPSec tunnel to each SaaS provider and enable biometric login.
- B . Deploy a smart card login and change passwords to each SaaS vendor every 30 days.
- C . Deploy a CASB solution and whitelist the approved SaaS applications.
- D . Deploy SSO and enforce VPN access to the corporate domain.
A company is interested in a DRP. The purpose of the plan is to recover business as soon as possible.
The MOST effective technique is:
- A . archiving.
- B . network clustering.
- C . site mirroring.
- D . active/active.
A cloud administrator has deployed a new all-flash storage array with deduplication and compression enabled, and moved some of the VMs into it. The goal was to achieve 4:1 storage efficiency while maintaining sub- millisecond latency.
Which of the following results would BEST suit the requirements?
- A . Compression 1:1
Deduplication 4:1
Overall savings 4:1 Average latency 1.0ms - B . Compression 1.5:1
Deduplication 1.8:1
Overall savings 2.2:1 Average latency 600us - C . Compression 1.3:1
Deduplication 3.1:1
Overall savings 4.3:1 Average latency 900us - D . Compression 1.8:1
Deduplication 2.7:1
Overall savings 4.2:1 Average latency 1.2ms
A law firm wants to limit log retention to the minimum required by law and regulation.
Which of the following is the engineer most likely to do FIRST?
- A . Create a 2GB external hard drive to log all activities.
- B . Configure all systems in scope to log activities in support of company policies.
- C . Configure a daily rotation on all workstations to limit the logs’ discovery scope.
- D . Deduplicate, compress, and encrypt all logs before archiving them.
A pharmaceutical company is migrating its systems and infrastructure to the cloud. Due to security restrictions and regulatory policies, the company Chief Executive Officer (CEO) is concerned about moving this information to the cloud.
Based on the CEO’s concern, which of the following should the company do First?
- A . Review compliance requirements.
- B . Apply defined audit/compliance requirements.
- C . Review company security policies.
- D . Update the security tools to systems and services.
One of the IaaS production web servers has a critical OS vulnerability that requires remediation. The vulnerability report indicates it is a zero-day exploit.
Which of the following is the BEST course of action to remediate the vulnerability?
- A . Schedule the update via the patch management system to be applied in the next standard change window.
- B . Turn off the VM, build a new server, and apply patches with a patch management system.
- C . Submit an emergency change request to the CAB and apply the update via the patch management system.
- D . Submit an emergency change request to the CAB, test the patch, and then apply the update via the patch management system.
Ann. a user, has tried to connect to a VM hosted in a private cloud using her directory services credentials. After three attempts, she realizes the keyboard was set to German instead of English, and she was typing "z" instead of "y". After fixing this issue, Ann is still unable to log in; however, other users can access the VM.
Which of the following is the MOST likely cause?
- A . The default language on Ann’s computer is German.
- B . The account was locked.
- C . Directory services are offline.
- D . There is an account mismatch.
- E . The account localization settings are incorrect.
Government agencies currently operate their own websites, each with its own directory services. There is a mandate to minimize IT administration.
Which of the following should the cloud services architect choose to BEST meet this mandate?
- A . Set up a direct VPN tunnel between the government sites.
- B . Upgrade all stand-alone systems to use mobile technologies.
- C . Upgrade the operating systems on all of the web servers.
- D . Reengineer the identification and authorization process.
A cloud administrator wants to make a web application on the company’s private cloud available to multiple remote sites.
Which of the following protocols BEST provides IP packet encapsulation?
- A . L2TP
- B . GRE
- C . PPTP
- D . SIP
DRAG DROP
Drag and drop each Disaster Recovery Solution need to the corresponding SLA requirement. Options may be used once or not at all.
The CSA needs to install a patch on 58 virtual server instances during the Friday evening maintenance window.
Which of the following is the MOST efficient way to get the patches installed?
- A . Use the patch management tool to automate and orchestrate the patch installation.
- B . Use a security vulnerability scanning tool to apply the patch automatically.
- C . Schedule the patch to install from a remote file server upon server reboot.
- D . Connect the server instances to the Internet to download the patch automatically.
A large finance firm processes three times as many transactions in December of each year. The transactions are processed in a private cloud. Management wants to avoid adding permanent resources to accommodate the single month increase.
Which of the following is the BEST way to meet the need?
- A . Migrate all transaction processing to a public cloud and size capacity for the largest seasonal needs.
- B . Keep current capacity for processing, but implement cloud bursting to auto scale the resources without having to invest in infrastructure.
- C . Determine usage patterns over time and virtualize the processing traffic to give room for seasonal changes in resource demand.
- D . Determine usage patterns for the seasonal capacity needs and add physical resources to allow additional processing.
The IT department receives a client request to build multiple file server instances.
Which of the following is the MOST efficient way for a cloud systems administrator to fulfill this request?
- A . Build file server instances with the OEM DVD
- B . Restore a file server base image from backup
- C . Use the file server template to build the file server instances
- D . Build the server instances using a boot from a SAN image
A cloud administrator has configured a connection between two virtual private cloud environments at a public cloud provider that are each in different accounts. The administrator has configured the accounts correctly so they can connect to each other’s resources. Both cloud environments have policies that allow anyone from 0.0.0.0/0 on TCP port 22.
The following table shows the network configuration information:
However, the administrator is unable to establish an SSH connection from a server in 10.250.40.100 to 10.250.48.214.
Which of the following is the MOST likely issue?
- A . The network ACL is not configured to allow SSH access.
- B . The IP configuration on one of the servers is incorrect.
- C . The administrator does not have sufficient credentials.
- D . The routing tables have not been updated correctly.
A communications service operator is planning to start migrating its complex network infrastructure to cloud by NFV, including a pool of media gateway servers, routers, and firewalls. The network elements consist of two controller cards, two redundant drives, and redundant ASIC boards.
Which of the following virtualization requirements outlines the correct deployment plan?
- A . The deployment and implementation should be on public cloud space with network elements shared across different functions with central database/storage.
- B . The deployment and implementation should be on hosted private cloud space with a VM for each controller card, ASIC board, and storage mapped to existing databases.
- C . The deployment and implementation should be done in a hybrid model with VMs for controller cards and storage hosted in a private cloud; any functional cards are in a public cloud.
- D . The deployment and implementation should be done using SaaS; only configuration of database storage needs to be considered during deployment.
A cloud administrator is required to implement a solution to handle data-at-rest encryption requirements for a database.
Which of the following would BEST satisfy the requirements?
- A . Install an SSL certificate and only allow secure connections to the server.
- B . Enable two-factor authentication on connections to the database server and log activities.
- C . Activate memory encryption on the virtual server and store the certificates remotely.
- D . Create a virtual encrypted disk, add it to the virtual server, and have the database write to it.
D
Explanation:
The QUESTION NO: talks about data at rest. The only option given that offers a solution for data at rest is to encrypt the disk that the database writes to.
Given the metric below:
Using iSCSI storage reports across three datacenters, which of the following recorded metrics indicates an anomaly in the performance?
- A . Disk latency
- B . CPU utilization
- C . WAN latency
- D . RAM utilization
A healthcare provider determines a Europe-based SaaS electronic medical record system will meet all functional requirements. The healthcare provider plans to sign a contract to use the system starting in the next calendar year.
Which of the following should be reviewed prior to signing the contract?
- A . Security auditing
- B . Storage cost and types
- C . Bandwidth utilization
- D . Third-party integration
A company has an internal SLA for CPU and RAM oversubscription that should stay below 120%. Storage utilization should stay below 90% with oversubscription below 160%.
Given the following:
Which of the following should be done to meet the SLA?
- A . Install a different hypervisor
- B . Add RAM to the hypervisors and new shelves to the storage array
- C . Add RAM to the hypervisors and increase the CPU clock
- D . Add CPU and RAM to the cluster
Several of an organization’s mobile applications are hosted in a cloud environment, and the risk team requires cross-site scripting protection to ensure availability.
Which of the following is the MOST efficient security tool to implement?
- A . IPSec
- B . WAF
- C . VPN
- D . HIPS
A firm responsible for ticket sales notices its local web servers are unable to handle the traffic, which often causes timeout errors and results in lost revenue. The firm wants to obtain additional cloud-based server resources only during peak times. Due to budget constraints, the firm wants to purchase only the exact amount required during peak times.
Which of the following steps should be performed to BEST meet the budget requirement?
- A . Collect all web server specifications and purchase double the amount of resources from the CSP.
- B . Analyze web server performance trends to determine what is being used.
- C . Implement cloud bursting through CSP for web servers.
- D . Run a network analyzer to monitor web server traffic to determine peak traffic times.
A cloud administrator is deploying a memory-intensive, three-tier web application with a database back end to one server in an IaaS cloud platform.
The minimum application memory requirements are as follows:
✑ RAM for Web Service Role: 1024MB
✑ RAM for Application Service Role: 2048MB
✑ RAM for Database Service Role: 4192MB
Configuration requirements state that web content should be separated from the operating system on another drive.
Given this scenario, which of the following is the minimum amount of RAM required in GB and what is the most optimal logical volume design to BEST meet these requirements? (Choose two.)
- A . 5GB
- B . 6 GB
- C . 7GB
- D . C:Drive: OS, Web Service Role, Application Service Role, Database Service Role
- E . C:Drive: OS
- F . Drive: Web Service Role, Application Service Role, Database Service Role
- G . C: Drive: OS, Web Service Role
- H . Drive: Application Service Role, Database Service Role
A technician is configuring a new web application to be highly available. The technician has configured multiple web servers in different availability zones at a public cloud provider. The application requires users to be directed to the same server each time they visit.
Which of the following network components is MOST likely to accomplish this?
- A . Network firewall
- B . Intrusion prevention system
- C . Global load balancer
- D . Virtual private network
After monthly patching, a large number of users who are logged onto the network report that application links from a company’s intranet site, which previously opened directly into the website, are now prompting for logon information. Application administrators confirm that the websites in QUESTION NO: are working properly.
Which of the following is the MOST likely cause of the new behavior?
- A . SSO issues
- B . Password expiration
- C . Account lockout
- D . Certificate expiration
The legal department requires eDiscovery of hosted file shares.
To set up access, which of the following is the BEST method to ensure the eDiscovery analyst only has the ability to search but not change configuration or settings?
- A . PKI
- B . SSO
- C . MFA
- D . RBAC
A customer recently provisioned a new server on the IaaS. The IP address assigned from the pool resolves to another hostname. Some user traffic is being dumped or is causing slowness because of this issue.
Which of the following maintenance activities does the provider need to perform to prevent this issue?
- A . Use cloud provider tools to remove orphaned resources.
- B . Initiate resource reclamation.
- C . Run a script to remove stale DNS entries.
- D . Update outdated security firewall configurations.
A customer is building a web cluster in which all nodes must access a shared pool of images.
Which of the following storage types would be BEST for this workload?
- A . Block storage
- B . File-level access storage
- C . Direct attached storage
- D . Object Storage
D
Explanation:
Reference: https://www.ibm.com/cloud/learn/object-storage
After deploying new VMs, the systems administrator notices it is not possible to connect to them using network credentials; however, local accounts work. After logging in, the administrator notices the NTP servers are not set.
Which of the following is MOST likely causing this issue?
- A . Directory services requires the use of NTP servers.
- B . The VMs are insufficiently licensed.
- C . There is a directory services outage.
- D . There is a time synchronization issue.
A cloud service provider wants to offer hardened virtual server images for provisioning purposes. This will enable users to use only the operating system services that are allowed by the provider.
Which of the following tasks are MOST appropriate for the hardening process? (Select TWO).
- A . Disable automatic updates.
- B . Disable the command prompt.
- C . Disable unneeded ports and services.
- D . Disable the local administrator account.
- E . Disable the remote desktop connection.
- F . Disable complex passwords.
A cloud security analyst performs a vulnerability scan on a web application server across all staging environments. According to the vulnerability scan, the web content featured on the server in the staging environment is located on the C: drive, which is the same location housing the operating system.
The analyst determines the results are false positive and submits a report, which includes artifacts supporting the claim to the CAB.
Given this scenario, which of the following test plans would be the MOST appropriate to include in the report?
- A . Penetration test plan
- B . Vulnerability test plan
- C . User acceptance test plan
- D . Smoke test plan
A cloud administrator wants to apply patches in an isolated copy of the production virtual server to assess the impact.
Which of the following activities would BEST achieve this objective?
- A . Clustering
- B . Snapshot
- C . Image backup
- D . Cloning
An upgrade to a web application, which supports 400 users at four sites, is being tested.
The application runs on four servers behind a load balancer.
The following test plan is proposed:
– Have 50 users from site A connect to server 1
– Have 50 users from site B connect to server 2
– Have 50 users from site C connect to server 3
– Have 50 users from site D connect to server 4
Which of the following parameters is being properly tested by this plan?
- A . Sizing
- B . Connectivity
- C . High availability
- D . Performance