CV1-003: CompTIA Cloud+
QUESTION NO: 1 CORRECT TEXT A company has decided to scale its e-commerce application from its corporate datacenter to a commercial cloud provider to meet an anticipated increase in demand during an upcoming holiday. The majority of the application load takes place on the application server under normal conditions. For this reason, the company decides to deploy additional application servers into a commercial cloud provider using the on-premises orchestration engine that installs and configures common software and network configurations. The remote computing environment is connected to the on-premises datacenter via a site-to-site IPSec tunnel. The external DNS provider has been configured to use weighted round-robin routing to load balance connections from the Internet. During testing, the company discovered that only 20% of connections were completed successfully.
INSTRUCTIONS
Review the network architecture and supporting documents and fulfill these requirements:
Part 1: Analyze the configuration of the following components: DNS, Firewall 1, Firewall 2, Router 1, Router 2, VPN and Orchestrator Server. Identify the problematic device(s).
Part 2: Identify the correct options to provide adequate configuration for hybrid cloud architecture.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Part 1: Cloud Hybrid Network Diagram
Part 2:
Only select a maximum of TWO options from the multiple choice question
QUESTION NO: 2 CORRECT TEXT The QA team is testing a newly implemented clinical trial management (CTM) SaaS application that uses a business intelligence application for reporting. The UAT users were instructed to use HTTP and HTTPS.
Refer to the application dataflow:
1A – The end user accesses the application through a web browser to enter and view clinical data.
2A – The CTM application server reads/writes data to/from the database server.
1B – The end user accesses the application through a web browser to run reports on clinical data.
2B – The CTM application server makes a SOAP call on a non-privileged port to the BI application 8 server.
3B – The BI application server gets the data from the database server and presents it to the CTM application server.
When UAT users try to access the application using https://ctm.app.com or http://ctm.app.com, they get a message stating: “Browser cannot display the webpage.” The QA team has raised a ticket to troubleshoot the issue
INSTRUCTIONS
You are a cloud engineer who is tasked with reviewing the firewall rules as well as virtual network settings.
You should ensure the firewall rules are allowing only the traffic based on the dataflow.
You have already verified the external DNS resolution and NAT are working. Verify and appropriately configure the VLAN assignments and ACLs. Drag and drop the appropriate VLANs to each tier from the VLAN Tags table. Click on each Firewall to change ACLs as needed.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
QUESTION NO: 3 A DevOps administrator is automating an existing software development workflow. The administrator wants to ensure that prior to any new code going into production, tests confirm the new code does not negatively impact existing automation activities. Which of the following testing techniques would be BEST to use?
A. Usability testing
B. Regression testing
C. Vulnerability testing
D. Penetration testing
Answer: B
Reference: https://www.softwaretestinghelp.com/regression-testing-tools-and-methods/
QUESTION NO: 4 A marketing team is using a SaaS-based service to send emails to large groups of potential customers. The internally managed CRM system is configured to generate a list of target customers automatically on a weekly basis, and then use that list to send emails to each customer as part of a marketing campaign. Last week, the first email campaign sent emails successfully to 3,000 potential customers. This week, the email campaign attempted to send out 50,000 emails, but only 10,000 were sent. Which of the following is the MOST likely reason for not sending all the emails?
A. API request limit
B. Incorrect billing account
C. Misconfigured auto-scaling
D. Bandwidth limitation
Answer: A
Reference: https://developers.google.com/analytics/devguides/config/mgmt/v3/limits-quotas
QUESTION NO: 5 A VDI administrator has received reports of poor application performance. Which of the following should the administrator troubleshoot FIRST?
A. The network environment
B. Container resources
C. Client devices
D. Server resources
Answer: D
QUESTION NO: 6 Due to a policy change, a few of a customer’s application VMs have been migrated to synchronously replicated storage. The customer now reports that performance is lower. The systems administrator checks the resource usage and discovers CPU utilization is at 60% and available memory is at 30%. Which of the following is the MOST likely cause?
A. There is not enough vCPU assigned
B. The application is not compatible with the new settings
C. The new configuration is adding latency
D. The memory of the VM is underallocated
Answer: B
QUESTION NO: 7 An organization requires the following to be achieved between the finance and marketing departments: Allow HTTPS/HTTP. Disable FTP and SMB traffic. Which of the following is the MOST suitable method to meet the requirements?
A. Implement an ADC solution to load balance the VLAN traffic
B. Configure an ACL between the VLANs
C. Implement 802.1X in these VLANs
D. Configure on-demand routing between the VLANs
Answer: B
QUESTION NO: 8 A systems administrator is building a new virtualization cluster. The cluster consists of five virtual hosts, which each have flash and spinning disks. This storage is shared among all the virtual hosts, where a virtual machine running on one host may store data on another host. This is an example of:
A. a storage area network
B. a network file system
C. hyper converged storage
D. thick-provisioned disks
Answer: A
QUESTION NO: 9 A company is utilizing a private cloud solution that is hosted within its datacenter. The company wants to launch a new business application, which requires the resources below:
The current private cloud has 30 vCPUs and 512GB RAM available. The company is looking for a quick solution to launch this application, with expected maximum sessions to be close to 24,000 at launch and an average of approximately 5,000 sessions. Which of the following solutions would help the company accommodate the new workload in the SHORTEST amount of time and with the maximum financial benefits?
A. Configure auto-scaling within the private cloud
B. Set up cloud bursting for the additional resources
C. Migrate all workloads to a public cloud provider
D. Add more capacity to the private cloud
Answer: A
QUESTION NO: 10 A systems administrator recently upgraded the processors in a web application host. Upon the 16 next login, the administrator sees a new alert regarding the license being out of compliance. Which of the following licensing models is the application MOST likely using?
A. Per device
B. Per user
C. Core-based
D. Volume-based
Answer: C
Reference: https://download.microsoft.com/download/3/d/4/3d42bdc2-6725-4b29-b75aa5b04179958b/percorelicensing_definitions_vlbrief.pdf
QUESTION NO: 11 A systems administrator is informed that a database server containing PHI and PII is unencrypted. The environment does not support VM encryption, nor does it have a key management system. The server needs to be able to be rebooted for patching without manual intervention. Which of the following will BEST resolve this issue?
A. Ensure all database queries are encrypted
B. Create an IPSec tunnel between the database server and its clients
C. Enable protocol encryption between the storage and the hypervisor
D. Enable volume encryption on the storage
E. Enable OS encryption
Answer: C
QUESTION NO: 12 An OS administrator is reporting slow storage throughput on a few VMs in a private IaaS cloud. Performance graphs on the host show no increase in CPU or memory. However, performance graphs on the storage show a decrease of throughput in both IOPS and MBps but not much increase in latency. There is no increase in workload, and latency is stable on the NFS storage arrays that are used by those VMs. Which of the following should be verified NEXT?
A. Application
B. SAN
C. VM GPU settings
D. Network
Answer: D
QUESTION NO: 13 An organization has multiple VLANs configured to segregate the network traffic. Following is the breakdown of the network segmentation: Production traffic (10.10.0.0/24) Network backup (10.20.0.0/25) Virtual IP network (10.20.0.128/25) The following configuration exists on the server:
The backup administrator observes that the weekly backup is failing for this server. Which of the following commands should the administrator run to identify the issue?
A. ROUTE PRINT
B. NETSTAT -A
C. IPCONFIG /ALL
D. NET SM
Answer: A
Reference: https://www.toolbox.com/tech/operating-systems/blogs/using-the-route-printcommand-in-windows-7-022310/
QUESTION NO: 14 A systems administrator is configuring RAID for a new server. This server will host files for users and replicate to an identical server. While redundancy is necessary, the most important need is to maximize storage. Which of the following RAID types should the administrator choose?
A. 5
B. 6
C. 10
D. 50
Answer: C
Reference: https://mysupport.netapp.com/NOW/public/eseries/sam_archive1150/index.html#page/GUID8538272A-B802-49D9-9EA2-96C82DAD26A2/GUID-1BF9A33B-C3A1-487C-B8D8- 5F2C14E3ED2E.html
QUESTION NO: 15 Which of the following will mitigate the risk of users who have access to an instance modifying the system configurations?
A. Implement whole-disk encryption
B. Deploy the latest OS patches
C. Deploy an anti-malware solution
D. Implement mandatory access control
Answer: D
QUESTION NO: 16 A systems administrator recently deployed a VDI solution in a cloud environment; however, users are now experiencing poor rendering performance when trying to display 3-D content on their virtual desktops, especially at peak times. Which of the following actions will MOST likely solve this issue?
A. Update the quest graphics drivers from the official repository
B. Add more vGPU licenses to the host
C. Instruct users to access virtual workstations only on the VLAN
D. Select vGPU profiles with higher video RAM
Answer: D
Reference: https://www.cisco.com/c/dam/en/us/solutions/collateral/data-centervirtualization/desktop-virtualization-solutions-vmware-horizon-view/whitepaper-c11-741606.pdf
QUESTION NO: 17 An organization purchased new servers with GPUs for render farms. The servers have limited CPU resources. Which of the following GPU configurations will be the MOST optimal for virtualizing this environment?
A. Dedicated
B. Shared
C. Passthrough
D. vGPU
Answer: D
QUESTION NO: 18 A systems administrator needs to configure a set of policies to protect the data to comply with mandatory regulations. Which of the following should the administrator implement to ensure DLP efficiently prevents the exposure of sensitive data in a cloud environment?
A. Integrity
B. Versioning
C. Classification
D. Segmentation
Answer: C
Reference: https://cloud.google.com/dlp/docs
QUESTION NO: 19 A systems administrator wants to have near-real-time information on the volume of data being exchanged between an application server and its clients on the Internet. Which of the following should the systems administrator implement to achieve this objective?
A. A stateful firewall
B. DLP
C. DNSSEC
D. Network flows
Answer: D
QUESTION NO: 20 A company needs to rehost its ERP system to complete a datacenter migration to the public cloud. The company has already migrated other systems and configured VPN connections. Which of the following MOST likely needs to be analyzed before rehosting the ERP?
A. Software
B. Licensing
C. Right-sizing
D. The network
Answer: B
QUESTION NO: 21 A company wants to check its infrastructure and application for security issues regularly. Which of the following should the company implement?
A. Performance testing
B. Penetration testing
C. Vulnerability testing
D. Regression testing
Answer: B
Reference: https://pure.security/services/technical-assurance/external-penetration-testing/
QUESTION NO: 22 A company that utilizes an IaaS service provider has contracted with a vendor to perform a penetration test on its environment. The vendor is able to exploit the virtualization layer and obtain access to other instances within the cloud provider’s environment that do not belong to the company. Which of the following BEST describes this attack?
A. VM escape
B. Directory traversal
C. Buffer overflow
D. Heap spraying
Answer: A
Reference: https://whatis.techtarget.com/definition/virtual-machine-escape
QUESTION NO: 23 A systems administrator would like to reduce the network delay between two servers. Which of the following will reduce the network delay without taxing other system resources?
A. Decrease the MTU size on both servers
B. Adjust the CPU resources on both servers
C. Enable compression between the servers
D. Configure a VPN tunnel between the servers
Answer: C
Reference: https://cseweb.ucsd.edu/~calder/papers/HPDC-01-DynComp.pdf
QUESTION NO: 24 An administrator is performing an in-place upgrade on a quest VM operating system. Which of the following can be performed as a quick method to roll back to an earlier state, if necessary?
A. A configuration file backup
B. A full backup of the database
C. A differential backup
D. A VM-level snapshot
Answer: D
Reference: https://cloud.google.com/compute/docs/tutorials/performing-in-place-upgradewindows-server
QUESTION NO: 25 After analyzing a web server’s logs, a systems administrator sees that users are connecting to the company’s application through HTTP instead of HTTPS. The administrator then configures a redirect from HTTP to HTTPS on the web server, and the application responds with a connection time-out message. Which of the following should the administrator verify NEXT?
A. The TLS certificate
B. The firewall rules
C. The concurrent connection limit
D. The folder permissions
Answer: A
Reference: https://www.ionos.com/digitalguide/hosting/technical-matters/http-408-how-to-fix-therequest-timeout-error/
QUESTION NO: 26 A systems administrator is configuring a storage array. Which of the following should the administrator configure to set up mirroring on this array?
A. RAID 0
B. RAID 1
C. RAID 5
D. RAID 6
Answer: B
Reference: https://www.enterprisestorageforum.com/storage-management/raid-levels.html
QUESTION NO: 27 A company has developed a cloud-ready application. Before deployment, an administrator needs to select a deployment technology that provides a high level of portability and is lightweight in terms of footprint and resource requirements. Which of the following solutions will be BEST to help the administrator achieve the requirements?
A. Containers
B. Infrastructure as code
C. Desktop virtualization
D. Virtual machines
Answer: A
Reference: https://blog.netapp.com/blogs/containers-vs-vms/
QUESTION NO: 28 A global web-hosting company is concerned about the availability of its platform during an upcoming event. Web traffic is forecasted to increase substantially during the next week. The site contains mainly static content. Which of the following solutions will assist with the increased workload?
A. DoH
B. WAF
C. IPS
D. CDN
Answer: D
Reference: https://www.globaldots.com/content-delivery-network-explained
QUESTION NO: 29 An organization is hosting a cloud-based web server infrastructure that provides web-hosting solutions. Sudden continuous bursts of traffic have caused the web servers to saturate CPU and network utilizations. Which of the following should be implemented to prevent such disruptive traffic from reaching the web servers?
A. Solutions to perform NAC and DLP
B. DDoS protection
C. QoS on the network
D. A solution to achieve microsegmentation
Answer: B
Reference: https://blog.paessler.com/the-top-5-causes-of-sudden-network-spikes
QUESTION NO: 30 A developer is no longer able to access a public cloud API deployment, which was working ten minutes prior. 28 Which of the following is MOST likely the cause?
A. API provider rate limiting
B. Invalid API token
C. Depleted network bandwidth
D. Invalid API request
Answer: B
QUESTION NO: 31 An organization is implementing a new requirement to facilitate users with faster downloads of corporate application content. At the same time, the organization is also expanding cloud regions. Which of the following would be suitable to optimize the network for this requirement?
A. Implement CDN for overall cloud application
B. Implement auto-scaling of the compute resources
C. Implement SR-IOV on the server instances
D. Implement an application container solution
Answer: C
Reference: https://access.redhat.com/documentation/enus/red_hat_openstack_platform/13/html/network_functions_virtualization_planning_and_configurat ion_guide/part-sriov-nfv-configuration
QUESTION NO: 32 Which of the following cloud deployment models allows a company to have full control over its IT infrastructure?
A. Private
B. Cloud within a cloud
C. Hybrid
D. Public
Answer: A Reference: https://www.sciencedirect.com/topics/computer-science/private-cloud
QUESTION NO: 33 A cloud administrator is designing a multi region network within an IaaS provider. The business requirements for configuring the network are as follows: Use private networking in and between the multi sites for data replication. Use low latency to avoid performance issues. Which of the following solutions should the network administrator use within the IaaS provider to connect multi regions?
A. Peering
B. Gateways
C. VPN
D. Hub and spoke
Answer: C
QUESTION NO: 34 A company has decided to get multiple compliance and security certifications for its public cloud environment. However, the company has few staff members to handle the extra workload, and it has limited knowledge of the current infrastructure. Which of the following will help the company meet the compliance requirements as quickly as possible?
A. DLP
B. CASB
C. FIM
D. NAC
Answer: D
QUESTION NO: 35 The human resources department was charged for a cloud service that belongs to another department. All other cloud costs seem to be correct. Which of the following is the MOST likely cause for this error?
A. Misconfigured templates
B. Misconfigured chargeback
C. Incorrect security groups
D. Misconfigured tags
Answer: A
QUESTION NO: 36 A cloud administrator has finished setting up an application that will use RDP to connect. During testing, users experience a connection timeout error. Which of the following will MOST likely solve the issue?
A. Checking user passwords
B. Configuring QoS rules
C. Enforcing TLS authentication
D. Opening TCP port 3389
Answer: D
Reference: https://docs.microsoft.com/en-us/windows-server/remote/remote-desktopservices/troubleshoot/rdp-error-general-troubleshooting
QUESTION NO: 37 A company has a cloud infrastructure service, and the cloud architect needs to set up a DR site. Which of the following should be configured in between the cloud environment and the DR site?
A. Failback
B. Playbook
C. Zoning
D. Replication
Answer: D
QUESTION NO: 38 A systems administrator notices that a piece of networking equipment is about to reach its end of support. Which of the following actions should the administrator recommend?
A. Update the firmware
B. Migrate the equipment to the cloud
C. Update the OS
D. Replace the equipment
Answer: A
QUESTION NO: 39 An organization has two businesses that are developing different software products. They are using a single cloud provider with multiple IaaS instances. The organization identifies that the tracking of costs for each business are inaccurate. Which of the following is the BEST method for resolving this issue?
A. Perform segregation of the VLAN and capture egress and ingress values of each network interface
B. Tag each server with a dedicated cost and sum them based on the businesses
C. Split the total monthly invoice equally between the businesses
D. Create a dedicated subscription for the businesses to manage the costs
Answer: B
QUESTION NO: 40 A systems administrator disabled TLS 1.0 and 1.1, as well as RC4, 3DES, and AES-128 ciphers for TLS 1.2, on a web server. A client now reports being unable to access the web server, but the administrator verifies that the server is online, the web service is running, and other users can reach the server as well. Which of the following should the administrator recommend the user do FIRST?
A. Disable antivirus/anti-malware software
B. Turn off the software firewall
C. Establish a VPN tunnel between the computer and the web server
D. Update the web browser to the latest version
Answer: B
QUESTION NO: 41 An organization is running a database application on a SATA disk, and a customer is experiencing slow performance most of the time. Which of the following should be implemented to improve application performance?
A. Increase disk capacity
B. Increase the memory and network bandwidth
C. Upgrade the application
D. Upgrade the environment and use SSD drives
Answer: D
QUESTION NO: 42 A company is switching from one cloud provider to another and needs to complete the migration as quickly as possible. Which of the following is the MOST important consideration to ensure a seamless migration?
A. The cost of the environment
B. The I/O of the storage
C. Feature compatibility
D. Network utilization
Answer: B
QUESTION NO: 43 A company wants to implement business continuity, and the cloud solution architect needs to design the correct solution. Which of the following will provide the data to measure business continuity? (Choose two.)
A. A service-level agreement
B. Automation scripts
C. Playbooks
D. A network diagram
E. A backup and restore
F. A recovery time objective
Answer: A,F
QUESTION NO: 44 A company recently subscribed to a SaaS collaboration service for its business users. The company also has an on-premises collaboration solution and would like users to have a seamless experience regardless of the collaboration solution being used. Which of the following should the administrator implement?
A. LDAP
B. WAF
C. VDI
D. SSO
Answer: A
QUESTION NO: 45 A systems administrator has migrated an internal application to a public cloud. The new web server is running under a TLS connection and has the same TLS certificate as the internal application that is deployed. However, the IT department reports that only internal users who are using new versions of the OSs are able to load the application home page. Which of the following is the MOST likely cause of the issue?
A. The local firewall from older OSs is not allowing outbound connections
B. The local firewall from older OSs is not allowing inbound connections
C. The cloud web server is using a self-signed certificate that is not supported by older browsers D. The cloud web server is using strong ciphers that are not supported by older browsers
Answer: B
QUESTION NO: 46 A cloud administrator recently noticed that a number of files stored at a SaaS provider’s file sharing service were deleted. As part of the root cause analysis, the administrator noticed the parent folder permissions were modified last week. The administrator then used a test user account and determined the permissions on the files allowed everyone to have write access. Which of the following is the best step for the administrator to take NEXT?
A. Identify the changes to the file-sharing service and document
B. Acquire a third-party DLP solution to implement and manage access
C. Test the current access permissions to the file-sharing service
D. Define and configure the proper permissions for the file-sharing service
Answer: D
QUESTION NO: 47 A systems administrator is provisioning VMs in a cloud environment and has been told to select an OS build with the furthest end-of-life date. Which of the following OS builds would be BEST for the systems administrator to use?
A. Open-source
B. LTS
C. Canary
D. Beta
E. Stable
Answer: E
QUESTION NO: 48 A systems administrator is deploying a new storage array for backups. The array provides 1PB of raw disk space and uses 14TB nearline SAS drives. The solution must tolerate at least two failed drives in a single RAID set. Which of the following RAID levels satisfies this requirement?
A. RAID 0
B. RAID 1
C. RAID 5
D. RAID 6
E. RAID 10
Answer: D
Reference: https://www.promax.com/blog/how-many-drives-can-fail-in-a-raid-configuration
QUESTION NO: 49 A cloud administrator is reviewing the authentication and authorization mechanism implemented within the cloud environment. Upon review, the administrator discovers the sales group is part of the finance group, and the sales team members can access the financial application. Single signon is also implemented, which makes access much easier. Which of the following access control rules should be changed?
A. Discretionary-based
B. Attribute-based
C. Mandatory-based
D. Role-based
Answer: D
Reference: https://www.ekransystem.com/en/blog/rbac-vs-abac
QUESTION NO: 50 A systems administrator needs to configure SSO authentication in a hybrid cloud environment. Which of the following is the BEST technique to use?
A. Access controls
B. Federation
C. Multi Factor authentication
D. Certificate authentication
Answer: C
Reference: https://techbeacon.com/security/how-get-single-sign-right-todays-hybrid-itenvironments
QUESTION NO: 51 A cloud architect is designing the VPCs for a new hybrid cloud deployment. The business requires the following: High availability Horizontal auto-scaling 60 nodes peak capacity per region Five reserved network IP addresses per subnet /24 range Which of the following would BEST meet the above requirements?
A. Create two /25 subnets in different regions
B. Create three /25 subnets in different regions
C. Create two /26 subnets in different regions
D. Create three /26 subnets in different regions
E. Create two /27 subnets in different regions
F. Create three /27 subnets in different regions
Answer: C
QUESTION NO: 52 In an existing IaaS instance, it is required to deploy a single application that has different versions. Which of the following should be recommended to meet this requirement?
A. Deploy using containers
B. Install a Type 2 hypervisor
C. Enable SR-IOV on the host
D. Create snapshots
Answer: A
QUESTION NO: 53 A media company has made the decision to migrate a physical, internal file server to the cloud and use a web-based interface to access and manage the files. The users must be able to use their current corporate logins. Which of the following is the MOST efficient way to achieve this goal?
A. Deploy a VM in a cloud, attach storage, and copy the files across
B. Use a SaaS service with a directory service federation
C. Deploy a file share in a public cloud and copy the files across
D. Copy the files to the object storage location in a public cloud
Answer: C
QUESTION NO: 54 A systems administrator for an e-commerce company will be migrating the company’s main website to a cloud provider. The principal requirement is that the website must be highly available. Which of the following will BEST address this requirement?
A. Vertical scaling
B. A server cluster
C. Redundant switches
D. A next-generation firewall
Answer: A
QUESTION NO: 55 An organization is required to set a custom registry key on the guest operating system. Which of the following should the organization implement to facilitate this requirement?
A. A configuration management solution
B. A log and event monitoring solution
C. A file integrity check solution
D. An operating system ACL
Answer: A
QUESTION NO: 56 A systems administrator is deploying a GPU-accelerated VDI solution. Upon requests from several users, the administrator installs an older version of the OS on their virtual workstations. The majority of the VMs run the latest LTS version of the OS. Which of the following types of drivers will MOST likely ensure compatibility with all virtual workstations?
A. Alternative community drivers
B. Legacy drivers
C. The latest drivers from the vendor’s website
D. The drivers from the OS repository
Answer: C
QUESTION NO: 57 A cloud engineer is responsible for managing two cloud environments from different MSPs. The security department would like to inspect all traffic from the two cloud environments. Which of the following network topology solutions should the cloud engineer implement to reduce long-term maintenance?
A. Chain
B. Star
C. Mesh
D. Hub and spoke
Answer: D
QUESTION NO: 58 Which of the following is relevant to capacity planning in a SaaS environment?
A. Licensing
B. A hypervisor
C. Clustering
D. Scalability
Answer: D
QUESTION NO: 59 A cloud administrator is setting up a DR site on a different zone of the same CSP. The application servers are replicated using the VM replication, and the database replication is set up using log shipping. Upon testing the DR site, the application servers are unable to access the database servers. The administrator has verified the systems are running and are accessible from the CSP 45 portal. Which of the following should the administrator do to fix this issue?
A. Change the database application IP
B. Create a database cluster between the primary site and the DR site
C. Update the connection string
D. Edit the DNS record at the DR site for the application servers
Answer: C
QUESTION NO: 60 A company has deployed a new cloud solution and is required to meet security compliance. Which of the following will MOST likely be executed in the cloud solution to meet security requirements?
A. Performance testing
B. Regression testing
C. Vulnerability testing
D. Usability testing
Answer: C
QUESTION NO: 61 A cloud administrator is switching hosting companies and using the same script that was previously used to deploy VMs in the new cloud. The script is returning errors that the command was not found. Which of the following is the MOST likely cause of the script failure?
A. Account mismatches
B. IP address changes
C. API version incompatibility
D. Server name changes
Answer: C
QUESTION NO: 62 A systems administrator needs to configure monitoring for a private cloud environment. The administrator has decided to use SNMP for this task. Which of the following ports should the administrator open on the monitoring server’s firewall?
A. 53
B. 123
C. 139
D. 161
Answer: D
Reference: https://thwack.solarwinds.com/t5/NPM-Discussions/SNMP-open-ports-on-thefirewall/m-p/168826
QUESTION NO: 63 An organization has the following requirements that need to be met when implementing cloud services: SSO to cloud infrastructure On-premises directory service RBAC for IT staff Which of the following cloud models would meet these requirements?
A. Public
B. Community
C. Hybrid
D. Multi Tenant
Answer: C
QUESTION NO: 64 A cloud administrator is reviewing a new application implementation document. The administrator needs to make sure all the known bugs and fixes are applied, and unwanted ports and services are disabled. Which of the following techniques would BEST help the administrator assess these business requirements?
A. Performance testing
B. Usability testing
C. Vulnerability testing
D. Regression testing
Answer: C
QUESTION NO: 65 A cloud administrator needs to implement a mechanism to monitor the expense of the company’s cloud resources. Which of the following is the BEST option to execute this task with minimal effort?
A. Ask the cloud provider to send a daily expense report
B. Set custom notifications for exceeding budget thresholds
C. Use the API to collect expense information from cloud resources
D. Implement a financial tool to monitor cloud resource expenses
Answer: D
QUESTION NO: 66 An organization’s web server farm, which is hosted in the cloud with DNS load balancing, is experiencing a spike in network traffic. This has caused an outage of the organization’s web server infrastructure. Which of the following should be implemented to prevent this in the future as a mitigation method?
A. Enable DLP
B. Configure microsegmentation
C. Enable DNSSEC
D. Deploy a vADC appliance
Answer: D
QUESTION NO: 67 A systems administrator is reviewing two CPU models for a cloud deployment. Both CPUs have the same number of cores/threads and run at the same clock speed. Which of the following will BEST identify the CPU with more computational power?
A. Simultaneous multithreading
B. Bus speed
C. L3 cache
D. Instructions per cycle
Answer: D
Reference: https://en.wikipedia.org/wiki/Central_processing_unit
QUESTION NO: 68 A cloud administrator is building a new VM for a network security appliance. The security appliance installer says the CPU clock speed does not meet the requirements. Which of the following will MOST likely solve the issue?
A. Move the VM to a host with a faster CPU
B. Add more vCPUs to the VM
C. Enable CPU masking on the VM
D. Enable hyperthreading on the virtual host
Answer: D
QUESTION NO: 69 An organization will be deploying a web application in a public cloud with two web servers, two database servers, and a load balancer that is accessible over a single public IP. Taking into account the gateway for this subnet and the potential to add two more web servers, which of the following will meet the minimum IP requirement?
A. 192.168.1.0/26
B. 192.168.1.0/27
C. 192.168.1.0/28
D. 192.168.1.0/29
Answer: B
QUESTION NO: 70 A cloud administrator checked out the deployment scripts used to deploy the sandbox environment to a public cloud provider. The administrator modified the script to add an application load balancer in front of the web-based front-end application. The administrator next used the script to recreate a new sandbox environment successfully, and the application was then using the new load balancer. The following week, a new update was required to add more front-end servers to the sandbox environment. A second administrator made the necessary changes and checked out the deployment scripts. The second administrator then ran the script, but the application load balancer was missing from the new deployment. Which of the following is the MOST likely reason for this issue?
A. The license limit on the number of server deployments allowed per month was exceeded
B. The deployment script changes made by the first administrator were not checked in and committed
C. The new server images were incompatible with the application load-balancer configuration
D. The application load balancer exceeded the maximum number of servers it could use
Answer: B
QUESTION NO: 71 A systems administrator is using VMs to deploy a new solution that contains a number of application VMs. Which of the following would provide high availability to the application environment in case of hypervisor failure?
A. Anti-affinity rules
B. Cold migration
C. Live migration
D. Affinity rules
Answer: A
Reference: https://www.vmware.com/products/vsphere/high-availability.html
QUESTION NO: 72 A company just successfully completed a DR test and is ready to shut down its DR site and resume normal operations. Which of the following actions should the cloud administrator take FIRST?
A. Initiate a failover
B. Restore backups
C. Configure the network
D. Perform a failback
Answer: A
QUESTION NO: 73 A cloud administrator has built a new private cloud environment and needs to monitor all computer, storage, and network components of the environment. Which of the following protocols would be MOST useful for this task?
A. SMTP
B. SCP
C. SNMP
D. SFTP
Answer: C
QUESTION NO: 74 Company A has acquired Company B and is in the process of integrating their cloud resources. Company B needs access to Company A’s cloud resources while retaining its IAM solution. Which of the following should be implemented?
A. Multi Factor authentication
B. Single sign-on
C. Identity federation
D. Directory service
Answer: C Reference: https://medium.com/@dinika.15/identity-federation-a-brief-introduction-f2f823f8795a
QUESTION NO: 75 After accidentally uploading a password for an IAM user in plain text, which of the following should a cloud administrator do FIRST?
A. Identify the resources that are accessible to the affected IAM user
B. Remove the published plain-text password
C. Notify users that a data breach has occurred
D. Change the affected IAM user’s password
E. Delete the affected IAM user
Answer: B
QUESTION NO: 76 A cloud administrator is planning to migrate a globally accessed application to the cloud. Which of the following should the cloud administrator implement to BEST reduce latency for all users?
A. Regions
B. Auto-scaling
C. Clustering
D. Cloud bursting
Answer: B
QUESTION NO: 77 A systems administrator is troubleshooting performance issues with a Windows VDI environment. Users have reported that VDI performance has been slow since the images were upgraded from Windows 7 to Windows 10. This VDI environment is used to run simple tasks, such as Microsoft Office. The administrator investigates the virtual machines and finds the following settings: 4 vCPU 16GB RAM 10Gb networking 256MB frame buffer Which of the following MOST likely needs to be upgraded?
A. vRAM
B. vCPU
C. vGPU
D. vNIC
Answer: C
QUESTION NO: 78 A SAN that holds VM files is running out of storage space. Which of the following will BEST increase the amount of effective storage on the SAN?
A. Enable encryption
B. Increase IOPS
C. Convert the SAN from RAID 50 to RAID 60
D. Configure deduplication
Answer: D
QUESTION NO: 79 A storage array that is used exclusively for datastores is being decommissioned, and a new array has been installed. Now the private cloud administrator needs to migrate the data. Which of the following migration methods would be the BEST to use?
A. Conduct a V2V migration
B. Perform a storage live migration
C. Rsync the data between arrays
D. Use a storage vendor migration appliance
Answer: D
QUESTION NO: 80 A company developed a product using a cloud provider’s PaaS platform and many of the platform based components within the application environment. Which of the following would the company MOST likely be concerned about when utilizing a multi cloud strategy or migrating to another cloud provider?
A. Licensing
B. Authentication providers
C. Service-level agreement
D. Vendor lock-in
Answer: C
QUESTION NO: 81 An IaaS provider has numerous devices and services that are commissioned and decommissioned automatically on an ongoing basis. The cloud administrator needs to implement a solution that will help reduce administrative overhead. Which of the following will accomplish this task?
A. IPAM
B. NAC
C. NTP
D. DNS
Answer: A
Reference: https://www.infoblox.com/glossary/ipam-ip-address-management/
QUESTION NO: 82 A systems administrator needs to configure an email client to ensure data integrity of the email messages. Which of the following provides the BEST mechanism to achieve this goal?
A. Cyclic redundancy check
B. SHA-1 hashes
C. SHA-256 hashes
D. Digital signature
Answer: A
Reference: https://www.fsl.cs.sunysb.edu/docs/integrity-storagess05/integrity.html
QUESTION NO: 83 A systems administrator is troubleshooting network throughput issues following a deployment. The network is currently being overwhelmed by the amount of traffic between the database and the web servers in the environment. Which of the following should the administrator do to resolve this issue?
A. Set up affinity rules to keep web and database servers on the same hypervisor
B. Enable jumbo frames on the gateway
C. Move the web and database servers onto the same VXLAN
D. Move the servers onto thick-provisioned storage
Answer: B
QUESTION NO: 84 Which of the following strategies will mitigate the risk of a zero-day vulnerability MOST efficiently?
A. Using only open-source technologies
B. Keeping all resources up to date
C. Creating a standby environment with a different cloud provider
D. Having a detailed incident response plan
Answer: D
QUESTION NO: 85 A systems administrator wants the VMs on the hypervisor to share CPU resources on the same core when feasible. Which of the following will BEST achieve this goal?
A. Configure CPU passthrough
B. Oversubscribe CPU resources
C. Switch from a Type 1 to a Type 2 hypervisor
D. Increase instructions per cycle
E. Enable simultaneous multithreading
Answer: B
QUESTION NO: 86 An organization is hosting a DNS domain with private and public IP ranges. Which of the following should be implemented to achieve ease of management?
A. Network peering
B. A CDN solution
C. A SDN solution
D. An IPAM solution
Answer: D
Reference: https://www.infoblox.com/glossary/ipam-ip-address-management/
QUESTION NO: 87 A systems administrator is creating a playbook to run tasks against a server on a set schedule. Which of the following authentication techniques should the systems administrator use within the playbook?
A. Use the server’s root credentials
B. Hard-code the password within the playbook
C. Create a service account on the server
D. Use the administrator’s SSO credentials
Answer: D
QUESTION NO: 88 A cloud administrator recently deployed an update to the network drivers of several servers. Following the update, one of the servers no longer responds to remote login requests. The cloud administrator investigates the issue and gathers the following information: The cloud management console shows the VM is running and the CPU and memory utilization is at or near 0%. The cloud management console does not show an IP address for that server. A DNS lookup shows the hostname resolves to an IP address. The server is a member of the same security group as the others. The cloud administrator is able to log in remotely to the other servers without issue. Which of the following is the MOST likely cause of the server being unavailable?
A. The network driver updates did not apply successfully, and the interface is in a down state.
B. The ACL policy for the server was updated as part of the server reboot, preventing login access.
C. The server was assigned a new IP address, and DNS entry for the server name was not updated.
D. The update caused an increase in the output to the logs, and the server is too busy to respond.
Answer: C
QUESTION NO: 89 A systems administrator in a large enterprise needs to alter the configuration of one of the finance department’s database servers. Which of the following should the administrator perform FIRST?
A. Capacity planning
B. Change management
C. Backups
D. Patching
Answer: C
QUESTION NO: 90 A SaaS provider wants to maintain maximum availability for its service. Which of the following should be implemented to attain the maximum SLA?
A. A hot site
B. An active-active site
C. A warm site
D. A cold site
Answer: A
QUESTION NO: 91 An SQL injection vulnerability was reported on a web application, and the cloud platform team needs to mitigate the vulnerability while it is corrected by the development team. Which of the following controls will BEST mitigate the risk of exploitation?
A. DLP
B. HIDS
C. NAC
D. WAF
Answer: A
QUESTION NO: 92 A cloud architect wants to minimize the risk of having systems administrators in an IaaS compute instance perform application code changes. The development group should be the only group allowed to modify files in the directory. Which of the following will accomplish the desired objective?
A. Remove the file write permissions for the application service account.
B. Restrict the file write permissions to the development group only.
C. Add access to the file share for the systems administrator’s group.
D. Deny access to all development user accounts
Answer: B
QUESTION NO: 93 A technician is working with an American company that is using cloud services to provide video based training for its customers. Recently, due to a surge in demand, customers in Europe are experiencing latency. Which of the following services should the technician deploy to eliminate the latency issue?
A. Auto-scaling
B. Cloud bursting
C. A content delivery network
D. A new cloud provider
Answer: A
QUESTION NO: 94 A web server has been deployed in a public IaaS provider and has been assigned the public IP address of 72.135.10.100. Users are now reporting that when they browse to the website, they receive a message indicating the service is unavailable. The cloud administrator logs into the server, runs a netstat command, and notices the following relevant output:
Which of the following actions should the cloud administrator take to resolve the issue?
A. Assign a new IP address of 192.168.100.10 to the web server
B. Modify the firewall on 72.135.10.100 to allow only UDP
C. Configure the WAF to filter requests from 17.3.130.3
D. Update the gateway on the web server to use 72.135.10.1
Answer: D
QUESTION NO: 95 The security team for a large corporation is investigating a data breach. The team members are all trying to do the same tasks but are interfering with each other’s work. Which of the following did the team MOST likely forget to implement?
A. Incident type categories
B. A calling tree
C. Change management
D. Roles and responsibilities
Answer: D
QUESTION NO: 96 A systems administrator is deploying a solution that requires a virtual network in a private cloud environment. The solution design requires the virtual network to transport multiple payload types. Which of the following network virtualization options would BEST satisfy the requirement?
A. VXLAN
B. STT
C. NVGRE
D. GENEVE
Answer: C
QUESTION NO: 97 A systems administrator is troubleshooting performance issues with a Windows VDI environment. Users have reported that VDI performance is very slow at the start of the work day, but the performance is fine during the rest of the day. Which of the following is the MOST likely cause of the issue?
A. Disk I/O limits
B. Affinity rule
C. CPU oversubscription
D. RAM usage
Answer: C
QUESTION NO: 98 Lateral-moving malware has infected the server infrastructure. Which of the following network changes would MOST effectively prevent lateral movement in the future?
A. Implement DNSSEC in all DNS servers
B. Segment the physical network using a VLAN
C. Implement microsegmentation on the network
D. Implement 802.1X in the network infrastructure
Answer: B
QUESTION NO: 99 An IaaS application has a two-hour RTO and a four-hour RPO. The application takes one hour to back up its data or restore from a local backup file. A systems administrator is tasked with configuring the backup policy. Which of the following should the administrator configure to achieve the application requirements with the LEAST cost?
A. Back up to long-term storage every night
B. Back up to object storage every three hours
C. Back up to long-term storage every four hours
D. Back up to object storage every hour
Answer: B
QUESTION NO: 100 A systems administrator needs to convert ten physical servers to virtual. Which of the following would be the MOST efficient conversion method for the administrator to use?
A. Rebuild the servers from scratch
B. Use the vendor’s conversion tool
C. Clone the hard drive
D. Restore from backup
Answer: C
QUESTION NO: 101 Which of the following cloud services is fully managed?
A. IaaS
B. GPU in the cloud
C. IoT
D. Serverless compute
E. SaaS
Answer: C
Reference: https://developers.google.com/iot
QUESTION NO: 102 A vendor is installing a new retail store management application for a customer. The application license ensures software costs are low when the application is not being used, but costs go up when use is higher. Which of the following licensing models is MOST likely being used?
A. Socket-based
B. Core-based
C. 70 Subscription
D. Volume-based
Answer: A
QUESTION NO: 103 A systems administrator swapped a failed hard drive on a server with a RAID 5 array. During the RAID resynchronization, a second hard drive failed. Which of the following actions will make the server fully operational?
A. Restart the RAID resynchronization process
B. Perform a P2V migration of the server
C. Swap the failed hard drive with a fresh one
D. Restore the server from backup
Answer: A
QUESTION NO: 104 A systems administrator has finished installing monthly updates to servers in a cloud environment. The administrator notices certain portions of the playbooks are no longer functioning. Executing the playbook commands manually on a server does not work as well. There are no other reports of issues. Which of the following is the MOST likely cause of this issue?
A. Change management failure
B. Service overload
C. Patching failure
D. Job validation issues
E. Deprecated features
Answer: D
QUESTION NO: 105 A company is doing a cloud-to-cloud migration to lower costs. A systems administrator has to plan the migration accordingly. Which of the following considerations is MOST important for a successful, future-proof, and lowcost migration?
A. Tier pricing
B. Licensing
C. Estimated consumption
D. Feature compatibility
Answer: D
QUESTION NO: 106 A software development manager is looking for a solution that will allow a team of developers to work in isolated environments that can be spun up and torn down quickly. Which of the following is the MOST appropriate solution?
A. Containers
B. File subscriptions
C. Ballooning
D. Software-defined storage
Answer: A
QUESTION NO: 107 A cloud administrator is building a new VM for machine-learning training. The developer requesting the VM has stated that the machine will need a full GPU dedicated to it. Which of the following configuration options would BEST meet this requirement?
A. Virtual GPU
B. External GPU
C. Passthrough GPU
D. Shared GPU
Answer: A
QUESTION NO: 108 A company recently experienced a power outage that lasted 30 minutes. During this time, a whole rack of servers was inaccessible, even though the servers did not lose power. Which of the following should be investigated FIRST?
A. Server power
B. Rack power
C. Switch power
D. SAN power
Answer: C
QUESTION NO: 109 A company has an in-house-developed application. The administrator wants to utilize cloud services for additional peak usage workloads. The application has a very unique stack of dependencies. Which of the following cloud service subscription types would BEST meet these requirements?
A. PaaS
B. SaaS
C. DBaaS
D. IaaS
Answer: D
QUESTION NO: 110 Users are experiencing slow response times from an intranet website that is hosted on a cloud platform. There is a site-to-site VPN connection to the cloud provider over a link of 100Mbps. Which of the following solutions will resolve the issue the FASTEST?
A. Change the connection to point-to-site VPN
B. Order a direct link to the provider
C. Enable quality of service
D. Upgrade the link to 200Mbps
Answer: C
