A company is concerned about the security of its data repository that contains customer PII. A systems administrator is asked to deploy a security control that will prevent the exfiltration of such data. Which of the following should the systems administrator implement?

A. DLP

B. WAF

C. FIM

D. ADC

Which of the following enables CSPs to offer unlimited capacity to customers?

A. Adequate budget

B. Global data center distribution

C. Economies of scale

D. Agile project management

All of a company's servers are currently hosted in one cloud MSP. The company created a new cloud environment with a different MSP. A cloud engineer is now tasked with preparing for server migrations and establishing connectivity between clouds. Which of the following should the engineer perform FIRST?

A. Peer all the networks from each cloud environment.

B. Migrate the servers.

C. Create a VPN tunnel.

D. Configure network access control lists.

A local bank has all of its infrastructure in the cloud. An update was applied to the main database server at 5:00 a.m. on Monday morning, and the database was then corrupted and unusable. It had to be restored from backup. The last backup was taken the night before at 10:00 p.m. The database was then restored successfully, but seven hours' worth of data was lost, which is deemed unacceptable. Which of the following needs to be updated in the DR plan?

A. Recovery point objective

B. Statement of work

C. Service-level agreement

D. Recovery time objective

A company wants to check its infrastructure and application for security issues regularly. Which of the following should the company implement?

A. Performance testing

B. Penetration testing

C. Vulnerability testing

D. Regression testing

Over the last couple of years, the growth of a company has required a more complex DNS and DHCP environment. Which of the following should a systems administration team implement as an appropriate solution to simplify management?

A. IPAM

B. DoH

C. VLAN

D. SDN

A systems administrator strictly followed a CSP’s documentation to federate identity for the company’s users; however, even when using the correct credentials, the users receive an error message indicating their tokens are expired. Which of the following is MOST likely the cause of the error?

A. The date on the company’s identity server is configured incorrectly.

B. The CSP’s documentation is incorrect.

C. There is a connection issue between the company and the CSP’s networks.

D. MFA was enforced on the CSP.

A company that performs passive vulnerability scanning at its transit VPC has detected a vulnerability related to outdated web-server software on one of its public subnets. Which of the following can the company use to verify if this is a true positive with the least effort and cost? (Choose two.)

A. A network-based scan

B. An agent-based scan

C. A port scan

D. A red-team exercise

E. A credentialed scan

F. A blue-team exercise

G. Unknown environment penetration testing

Users currently access SaaS email with five-character passwords that use only letters and numbers. An administrator needs to make access more secure without changing the password policy. Which of the following will provide a more secure way of accessing email at the lowest cost?

A. Change the email service provider.

B. Enable MFA with a one-time password.

C. Implement SSO for all users.

D. Institute certificate-based authentication.

A systems administrator has migrated an internal application to a public cloud. The new web server is running under a TLS connection and has the same TLS certificate as the internal application that is deployed. However, the IT department reports that only internal users who are using new versions of the OSs are able to load the application home page. Which of the following is the MOST likely cause of the issue?

A. The local firewall from older OSs is not allowing outbound connections.

B. The local firewall from older OSs is not allowing inbound connections.

C. The cloud web server is using a self-signed certificate that is not supported by older browsers.

D. The cloud web server is using strong ciphers that are not supported by older browsers.

A company needs to migrate the storage system and batch jobs from the local storage system to a public cloud provider. Which of the following accounts will
MOST likely be created to run the batch processes?

A. User

B. LDAP

C. Role-based

D. Service

A company’s marketing department is running a rendering application on virtual desktops. Currently, the application runs slowly, and it takes a long time to refresh the screen. The virtualization administrator is tasked with resolving this issue. Which of the following is the BEST solution?

A. GPU passthrough

B. Increased memory

C. Converged infrastructure

D. An additional CPU core

A systems administrator needs to implement a way for users to verify software integrity. Which of the following tools would BEST meet the administrator’s needs?

A. TLS 1.3

B. CRC32

C. AES-256

D. SHA-512

A cloud administrator is designing a multiregion network within an IaaS provider. The business requirements for configuring the network are as follows:
✑ Use private networking in and between the multisites for data replication.
✑ Use low latency to avoid performance issues.
Which of the following solutions should the network administrator use within the IaaS provider to connect multiregions?

A. Peering

B. Gateways

C. VPN

D. Hub and spoke

A company is planning to migrate applications to a public cloud, and the Chief Information Officer (CIO) would like to know the cost per business unit for the applications in the cloud. Before the migration, which of the following should the administrator implement FIRST to assist with reporting the cost for each business unit?

A. An SLA report

B. Tagging

C. Quotas

D. Showback

Due to a policy change, a few of a customer's application VMs have been migrated to synchronously replicated storage. The customer now reports that performance is lower. The systems administrator checks the resource usage and discovers CPU utilization is at 60% and available memory is at 30%. Which of the following is the MOST likely cause?

A. There is not enough vCPU assigned.

B. The application is not compatible with the new settings.

C. The new configuration is adding latency.

D. The memory of the VM is underallocated.

A company is currently running a website on site. However, because of a business requirement to reduce current RTO from 12 hours to one hour, and the RPO from one day to eight hours, the company is considering operating in a hybrid environment. The website uses mostly static files and a small relational database.
Which of the following should the cloud architect implement to achieve the objective at the LOWEST cost possible?

A. Implement a load-balanced environment in the cloud that is equivalent to the current on-premises setup and use DNS to shift the load from on premises to cloud.

B. Implement backups to cloud storage and infrastructure as code to provision the environment automatically when the on-premises site is down. Restore the data from the backups.

C. Implement a website replica in the cloud with auto-scaling using the smallest possible footprint. Use DNS to shift the load from on premises to the cloud.

D. Implement a CDN that caches all requests with a higher TTL and deploy the IaaS instances manually in case of disaster. Upload the backup on demand to the cloud to restore on the new instances.

A company is planning its cloud architecture and wants to use a VPC for each of its three products per environment in two regions, totaling 18 VPCs. The products have interdependencies, consuming services between VPCs. Which of the following should the cloud architect use to connect all the VPCs?

A. MPLS connections

B. VPC peering

C. Hub and spoke

D. VPN connections

A financial services company is considering its options for moving its infrastructure to the cloud. The company runs its critical database on a proprietary legacy mainframe, which cannot be hosted anywhere but in the data center. However, the company would like to migrate portions of the infrastructure to an external provider. Which of the following cloud deployment models would be the BEST option?

A. Private

B. Public

C. Community

D. Hybrid

A systems administrator is trying to connect to a remote KVM host. The command line appears as follows:
 
After logging in to the remote server, the administrator verifies the daemon is running. Which of the following should the administrator try NEXT?

A. Opening port 22 on the firewall

B. Running the command with elevated privileges

C. Checking if the SSH password is correct

D. Ensuring the private key was properly imported

A Chief Information Security Officer (CISO) is evaluating the company's security management program. The CISO needs to locate all the assets with identified deviations and mitigation measures. Which of the following would help the CISO with these requirements?

A. An SLA document

B. A DR plan

C. SOC procedures

D. A risk register

A systems administrator wants to have near-real-time information on the volume of data being exchanged between an application server and its clients on the
Internet. Which of the following should the systems administrator implement to achieve this objective?

A. A stateful firewall

B. DLP

C. DNSSEC

D. Network flows

A systems administrator wants to restrict access to a set of sensitive files to a specific group of users. Which of the following will achieve the objective?

A. Add audit rules on the server

B. Configure data loss prevention in the environment

C. Change tine permissions and ownership of the files

D. Implement a HIPS solution on the host

A systems administrator disabled TLS 1.0 and 1.1, as well as RC4, 3DES, and AES-128 ciphers for TLS 1.2, on a web server. A client now reports being unable to access the web server, but the administrator verifies that the server is online, the web service is running, and other users can reach the server as well. Which of the following should the administrator recommend the user to do FIRST?

A. Disable antivirus/anti-malware software.

B. Turn off the software firewall.

C. Establish a VPN tunnel between the computer and the web server.

D. Update the web browser to the latest version.

A cloud administrator is reviewing the authentication and authorization mechanism implemented within the cloud environment. Upon review, the administrator discovers the sales group is part of the finance group, and the sales team members can access the financial application. Single sign-on is also implemented, which makes access much easier. Which of the following access control rules should be changed?

A. Discretionary-based

B. Attribute-based

C. Mandatory-based

D. Role-based

To save on licensing costs, the on-premises, IaaS-hosted databases need to be migrated to a public DBaaS solution. Which of the following would be the BEST technique?

A. Live migration

B. Physical-to-virtual

C. Storage-level mirroring

D. Database replication

A company wants to move its environment from on premises to the cloud without vendor lock-in. Which of the following would BEST meet this requirement?

A. DBaaS

B. SaaS

C. IaaS

D. PaaS

A cloud administrator is responsible for managing a public cloud environment. The administrator needs to deploy new servers that will be domain controllers to authenticate 500,000 users and computer objects. Which of the following storage types would be BEST to select when deploying the servers to achieve the lowest cost per I/O?

A. Hybrid

B. SAS

C. Flash

D. SSD

A cloud engineer is troubleshooting RSA key-based authentication from a local computer to a cloud-based server, which is running SSH service on a default port. The following file permissions are set on the authorized keys file:
 
Which of the following security practices are the required actions the engineer should take to gain access to the server? (Choose two.)

A. Fix the file permissions with execute permissions to the owner of the file.

B. Open port 21 access for the computer’s public IP address.

C. Fix the permissions with read-only access to the owner of the file.

D. Open port 22 access for the computer’s public IP address.

E. Open port 21 access for 0.0.0.0/0 CIDR.

F. Open port 22 access for 0.0.0.0/0 CIDR.

A systems administrator is reviewing two CPU models for a cloud deployment. Both CPUs have the same number of cores/threads and run at the same clock speed. Which of the following will BEST identify the CPU with more computational power?

A. Simultaneous multithreading

B. Bus speed

C. L3 cache

D. Instructions per cycle

A systems administrator is deploying a solution that includes multiple network I/O-intensive VMs. The solution design requires that vNICs of the VMs provide low- latency, near-native performance of a physical NIC and data protection between the VMs. Which of the following would BEST satisfy these requirements?

A. SR-IOV

B. GENEVE

C. SDN

D. VLAN

An organization is developing a new online product. The product must:
• Minimize organizational infrastructure and comply with security standards.
• Minimize organizational compliance efforts.
• Focus on application development and increase speed to market.
Which of the following should the organization consider, given the requirements listed above?

A. Use cloud-native serverless services.

B. Implement automated compliance scanning tools.

C. Harden servers using repeatable compliance templates.

D. Deploy compliance linters in the CI/CD pipeline.

A company is concerned it will run out of VLANs on its private cloud platform in the next couple months, and the product currently offered to customers requires the company to allocate three dedicated, segmented tiers. Which of the following can the company implement to continue adding new customers and to maintain the required level of isolation from other tenants?

A. GRE

B. SR-IOV

C. VXLAN

D. IPsec

A company uses multiple SaaS-based cloud applications. All the applications require authentication upon access. An administrator has been asked to address this issue and enhance security. Which of the following technologies would be the BEST solution?

A. Single sign-on

B. Certificate authentication

C. Federation

D. Multifactor authentication

A cloud engineer has deployed a virtual storage appliance into a public cloud environment. The storage appliance has a NAT to a public IP address. An administrator later notices there are some strange files on the storage appliance and a large spike in network traffic on the machine. Which of the following is the most likely cause?

A. The default password is still configured on the appliance.

B. The appliance’s certificate has expired.

C. The storage appliance has no firewall.

D. Data encryption is enabled, and the files are hashed.

A cloud administrator is performing automated deployment of cloud infrastructure for clients. The administrator notices discrepancies from the baseline in the configuration of infrastructure that was deployed to a new client. Which of the following is MOST likely the cause?

A. The deployment user account changed.

B. The deployment was done to a different resource group.

C. The deployment was done by a different cloud administrator.

D. The deployment template was modified.

A systems administrator is deploying a VM and would like to minimize storage utilization by ensuring the VM uses only the storage if needs. Which of the following will BEST achieve this goal?

A. Compression

B. Deduplication

C. RAID

D. Thin provisioning

A cloud administrator has finished setting up an application that will use RDP to connect. During testing, users experience a connection timeout error. Which of the following will MOST likely solve the issue?

A. Checking user passwords

B. Configuring QoS rules

C. Enforcing TLS authentication

D. Opening TCP port 3389

A systems administrator is trying to establish an RDP session from a desktop to a server in the cloud. However, the connection appears to be refused even through the VM is responding to ICMP echo requests. Which of the following should the administrator check FIRST?

A. The firewall

B. The subnet

C. The gateway

D. The services

A systems administrator is writing a script for provisioning nodes in the environment. Which of the following would be BEST for the administrator to use to provision the authentication credentials to the script?

A. password=’curl https://10.2.3.4/api/sytemops?op=provision’

B. password=$env_password

C. password=$(cat /opt/app/credentials)

D. password=”MyS3cretP4sswordIsVeryL0ng”

A development team recently completed testing changes to a company's web-based CMS in the sandbox environment. The cloud administrator deployed these
CMS application changes to the staging environment as part of the next phase in the release life cycle. The deployment was successful, but after deploying the
CMS application, the web page displays an error message stating the application is unavailable. After reviewing the application logs, the administrator sees an error message that the CMS is unable to connect to the database. Which of the following is the BEST action for the cloud administrator to perform to resolve the issue?

A. Modify the deployment script to delete and recreate the database whenever the CMS application is deployed.

B. Modify the ACL to allow the staging environment to access the database in the sandbox environment.

C. Modify the CMS application deployment to use the previous version and redeploy the application.

D. Modify the configuration settings of the CMS application to connect to the database in the current environment.

A company is deploying a public cloud solution for an existing application using lift and shift. The requirements for the applications are scalability and external access. Which of the following should the company implement? (Choose two.)

A. A load balancer

B. SDN

C. A firewall

D. SR-IOV

E. Storage replication

F. A VPN

A technician needs to deploy two virtual machines in preparation for the configuration of a financial application next week. Which of the following cloud deployment models should the technician use?

A. XaaS

B. IaaS

C. PaaS

D. SaaS

A systems administrator would like to reduce the network delay between two servers. Which of the following will reduce the network delay without taxing other system resources?

A. Decrease the MTU size on both servers.

B. Adjust the CPU resources on both servers.

C. Enable compression between the servers.

D. Configure a VPN tunnel between the servers.

A product-based company wants to transition to a method that provides the capability to enhance the product seamlessly and keep the development iterations to a shorter time frame. Which of the following would BEST meet these requirements?

A. Implement a secret management solution

B. Create autoscaling capabilities

C. Develop CI/CD tools

D. Deploy a CMDB tool

An organization’s two-node, hybrid container cluster is experiencing failures during horizontal scaling to the cloud cluster instance. The on-premises IP range is 192.168.0.0/16, and the cloud environment is 10.168.0.0/16. Overlapping or stretched VLANs are not permitted, and a node is deployed in each location. The cloud monitoring agent reports a healthy status for the second instance, but when pining the clusters from on premises, the following output is received:
 
Which of the following is the most likely reason for the scaling failure?

A. Incorrect DNS entry

B. Offline cluster node

C. Incorrect proxy entry

D. Incorrect cluster IP

E. Incorrect IP route

A SAN that holds VM files is running out of storage space. Which of the following will BEST increase the amount of effective storage on the SAN?

A. Enable encryption.

B. Increase IOPS.

C. Convert the SAN from RAID 50 to RAID 60.

D. Configure deduplication.

A systems administrator needs to implement a security control that will prevent unknown malware from infecting a system in case the antivirus solution fails. Which of the following should the administrator implement?

A. A software whitelist

B. File integrity monitoring

C. A host-based IDS

D. Hardened baselines

A company has an in-house-developed application. The administrator wants to utilize cloud services for additional peak usage workloads. The application has a very unique stack of dependencies. Which of the following cloud service subscription types would BEST meet these requirements?

A. PaaS

B. SaaS

C. DBaaS

D. IaaS

A systems administrator is performing an OS upgrade on a production VM. Which of the following actions should the administrator take before the upgrade to ensure the FASTEST recovery of the system in case the upgrade fails in an unrecoverable way?

A. Submit the upgrade to the CAB.

B. Perform a full backup.

C. Take a snapshot of the system.

D. Test the upgrade in a preproduction environment.