A cloud engineer is deploying a server in a cloud platform. The engineer reviews a security scan report. Which of the following recommended services should be disabled? (Choose two.)

A. Telnet

B. FTP

C. Remote login

D. DNS

E. DHCP

F. LDAP

A systems administrator is helping to develop a disaster recovery solution. The solution must ensure all production capabilities are available within two hours. Which of the following will BEST meet this requirement?

A. A hot site

B. A warm site

C. A backup site

D. A cold site

A company has hired a security firm to perform a vulnerability assessment of its environment. In the first phase, an engineer needs to scan the network services exposed by the hosts. Which of the following will help achieve this with the LEAST privileges?

A. An agent-based scan

B. A credentialed scan

C. A network-based scan

D. An application scan

A systems administrator wants to have near-real-time information on the volume of data being exchanged between an application server and its clients on the
Internet. Which of the following should the systems administrator implement to achieve this objective?

A. A stateful firewall

B. DLP

C. DNSSEC

D. Network flows

A cloud architect is deploying a web application that contains many large images and will be accessed on two containers. Which of the following will MOST improve the user experience while keeping costs low?

A. Implement web servers in both continents and set up a VPN between the VPCs.

B. Implement web servers on both continents and peer the VPCs.

C. Implement a CDN and offload the images to an object storage.

D. Implement a replica of the entire solution on every continent.

A technician is trying to delete six decommissioned VMs. Four VMs were deleted without issue. However, two of the VMs cannot be deleted due to an error. Which of the following would MOST likely enable the technician to delete the VMs?

A. Remove the snapshots

B. Remove the VMs’ IP addresses

C. Remove the VMs from the resource group

D. Remove the lock from the two VMs

A cloud security analyst needs to ensure the web servers in the public subnet allow only secure communications and must remediate any possible issue. The stateful configuration for the public web servers is as follows:
 
Which of the following actions should the analyst take to accomplish the objective?

A. Remove rules 1, 2, and 5.

B. Remove rules 1, 3, and 4.

C. Remove rules 2, 3, and 4.

D. Remove rules 3, 4, and 5.

A user reports a poor-quality remote VDI session. Which of the following should the help desk technician do FIRST to troubleshoot the issue?

A. Check the FAQ section of the vendor’s documentation.

B. Ask the user if the client device or access location has changed.

C. Reboot the user’s virtual desktop.

D. Request permission to log in to the device remotely.

A production engineer is configuring a new application, which is running in containers, that requires access to a database. Which of the following methods will allow the application to authenticate to the database in the MOST secure way?

A. Store the credentials in a variable on every worker node

B. Store the credentials on a shared volume using whole-disk encryption

C. Store the credentials in a configuration file using SHA-256 inside the container image

D. Store the credentials using the orchestrator secret manager

A system administrator supports an application in the cloud, which includes a restful API that receives an encrypted message that is passed to a calculator system. The administrator needs to ensure the proper function of the API using a new automation tool. Which of the following techniques would be BEST for the administrator to use to accomplish this requirement?

A. Functional testing

B. Performance testing

C. Integration testing

D. Unit testing

A cloud engineer recently used a deployment script template to implement changes on a cloud-hosted web application. The web application communicates with a managed database on the back end. The engineer later notices the web application is no longer receiving data from the managed database. Which of the following is the MOST likely cause of the issue?

A. Misconfiguration in the user permissions

B. Misconfiguration in the routing traffic

C. Misconfiguration in the network ACL

D. Misconfiguration in the firewall

HOTSPOT
-
The QA team is testing a newly implemented clinical trial management (CTM) SaaS application that uses a business intelligence application for reporting. The UAT users were instructed to use HTTP and HTTPS.
Refer to the application dataflow:
1A – The end user accesses the application through a web browser to enter and view clinical data.
2A – The CTM application sever reads/writes data to/from the database server.
1B – The end user accesses the application through a web browser to run reports on clinical data.
2B – The CTM application server makes a SOAP call on port 9400 to the BI application server.
3B – The BI application server gets the data from the database server and presents it to the CTM application server.
When UAT users try to access the application using https://ctm.app.com or http://ctm.app.com, they get a message stating: “Browser cannot display the webpage.” The QA team has raised a ticket to troubleshoot the issue.
INSTRUCTIONS
-
You are a cloud engineer who is tasked with reviewing the firewall rules as well as virtual network settings.
You should ensure the firewall rules are allowing only the traffic based on the dataflow.
You have already verified the external DNS resolution and NAT are working.
Verify and appropriately configure the VLAN assignments and ACLs. Drag and drop the appropriate VLANs to each tier from the VLAN Tags table. Click on each Firewall to change ACLs as needed.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
 

A private IaaS administrator is receiving reports that all newly provisioned Linux VMs are running an earlier version of the OS than they should be. The administrator reviews the automation scripts to troubleshoot the issue and determines the scripts ran successfully. Which of the following is the MOST likely cause of the issue?

A. API version incompatibility

B. Misconfigured script account

C. Wrong template selection

D. Incorrect provisioning script indentation

A cloud administrator is upgrading a cloud environment and needs to update the automation script to use a new feature from the cloud provider. After executing the script, the deployment fails. Which of the following is the MOST likely cause?

A. API incompatibility

B. Location changes

C. Account permissions

D. Network failure

A systems administrator is configuring a storage array. Which of the following should the administrator configure to set up mirroring on this array?

A. RAID 0

B. RAID 1

C. RAID 5

D. RAID 6

Users are experiencing slow response times from an intranet website that is hosted on a cloud platform. There is a site-to-site VPN connection to the cloud provider over a link of 100Mbps. Which of the following solutions will resolve the issue the FASTEST?

A. Change the connection to point-to-site VPN.

B. Order a direct link to the provider.

C. Enable quality of service.

D. Upgrade the link to 200Mbps.

A cloud engineer is troubleshooting RSA key-based authentication from a local computer to a cloud-based server, which is running SSH service on a default port. The following file permissions are set on the authorized keys file:
 
Which of the following security practices are the required actions the engineer should take to gain access to the server? (Choose two.)

A. Fix the file permissions with execute permissions to the owner of the file.

B. Open port 21 access for the computer’s public IP address.

C. Fix the permissions with read-only access to the owner of the file.

D. Open port 22 access for the computer’s public IP address.

E. Open port 21 access for 0.0.0.0/0 CIDR.

F. Open port 22 access for 0.0.0.0/0 CIDR.

A non-critical file on a database server was deleted and needs to be recovered. A cloud administrator must use the least disruptive restoration process to retrieve the file, as the database server cannot be stopped during the business day. Which of the following restoration methods would BEST accomplish this goal?

A. Alternate location

B. Restore from image

C. Revert to snapshot

D. In-place restoration

A database analyst reports it takes two hours to perform a scheduled job after onboarding 10,000 new users to the system. The analyst made no changes to the scheduled job before or after onboarding the users. The database is hosted in an IaaS instance on a cloud provider. Which of the following should the cloud administrator evaluate to troubleshoot the performance of the job?

A. The IaaS compute configurations, the capacity trend analysis reports, and the storage IOPS

B. The hypervisor logs, the memory utilization of the hypervisor host, and the network throughput of the hypervisor

C. The scheduled job logs for successes and failures, the time taken to execute the job, and the job schedule

D. Migrating from IaaS to on premises, the network traffic between on-premises users and the IaaS instance, and the CPU utilization of the hypervisor host

An organization is implementing a new requirement to facilitate users with faster downloads of corporate application content. At the same time, the organization is also expanding cloud regions. Which of the following would be suitable to optimize the network for this requirement?

A. Implement CDN for overall cloud application.

B. Implement auto-scaling of the compute resources.

C. Implement SR-IOV on the server instances.

D. Implement an application container solution.

Which of the following cloud services is fully managed?

A. IaaS

B. GPU in the cloud

C. IoT

D. Serverless compute

E. SaaS

A cloud architect is reviewing the design for a new cloud-based ERP solution. The solution consists of eight servers with a single network interface. The allocated
IP range is 172.16.0.0/28. One of the requirements of the solution is that it must be able to handle the potential addition of 16 new servers to the environment.
Because of the complexity of the firewall and related ACL requirements, these new servers will need to be in the same network range. Which of the following changes would allow for the potential server addition?

A. Change the IP address range to use a 10.0.0.0 address.

B. Change the server template to add network interfaces.

C. Change the subnet mask to use a 255.255.255.128 range.

D. Change the server scaling configuration to increase the maximum limit.

A systems administrator is configuring a storage system for maximum performance and redundancy. Which of the following storage technologies should the administrator use to achieve this?

A. RAID 5

B. RAID 6

C. RAID 10

D. RAID 50

A cloud administrator is planning to migrate a globally accessed application to the cloud. Which of the following should the cloud administrator implement to BEST reduce latency for all users?

A. Regions

B. Auto-scaling

C. Clustering

D. Cloud bursting

A systems administrator adds servers to a round-robin, load-balanced pool, and then starts receiving reports of the website being intermittently unavailable. Which of the following is the MOST likely cause of the issue?

A. The network is being saturated.

B. The load balancer is being overwhelmed.

C. New web nodes are not operational.

D. The API version is incompatible.

E. There are time synchronization issues.

A company is using an IaC deployment model to a public cloud IaaS. The automation runs partially and then fails to build a VM in the IaaS environment. Upon further assessment, the connectivity to the IaaS is confirmed. Which of the following are the MOST likely causes of the failure? (Choose two.)

A. Insufficient account balance

B. Network settings

C. Resource tagging

D. API request limits

E. Administrator access

F. Inadequate storage

A systems administrator wants to ensure two VMs remain together on the same host. Which of the following must be set up to enable this functionality?

A. Affinity

B. Zones

C. Regions

D. A cluster

A cloud engineer is performing updates to an application and needs to gracefully stop any new transactions from processing before the updates can be applied. Which of the following steps should the engineer take?

A. Enable maintenance mode from the application dashboard

B. Wait until after business hours to conduct the change when the system is not in use

C. Run a kill command on the system to stop the application services

D. Use a load balancer to redirect traffic to other systems serving the application

A cloud administrator needs to establish a secure connection between two different locations. Which of the following is the BEST option to implement the secure connection?

A. HTTPS

B. IPSec

C. TLS

D. SSH

A company is using a hybrid cloud environment. The private cloud is hosting the business applications, and the cloud services are being used to replicate for availability purposes. The cloud services are also being used to accommodate the additional resource requirements to provide continued services. Which of the following scalability models is the company utilizing?

A. Vertical scaling

B. Autoscaling

C. Cloud bursting

D. Horizontal scaling

In an IaaS platform, which of the following actions would a systems administrator take FIRST to identify the scope of an incident?

A. Conduct a memory acquisition.

B. Snapshot all volumes attached to an instance.

C. Retrieve data from a backup.

D. Perform a traffic capture.

A company is concerned about the security of its data repository that contains customer PII. A systems administrator is asked to deploy a security control that will prevent the exfiltration of such data. Which of the following should the systems administrator implement?

A. DLP

B. WAF

C. FIM

D. ADC

A company is doing a cloud-to-cloud migration to lower costs. A systems administrator has to plan the migration accordingly. Which of the following considerations is MOST important for a successful, future-proof, and low-cost migration?

A. Tier pricing

B. Licensing

C. Estimated consumption

D. Feature compatibility

Due to a policy change, a few of a customer's application VMs have been migrated to synchronously replicated storage. The customer now reports that performance is lower. The systems administrator checks the resource usage and discovers CPU utilization is at 60% and available memory is at 30%. Which of the following is the MOST likely cause?

A. There is not enough vCPU assigned.

B. The application is not compatible with the new settings.

C. The new configuration is adding latency.

D. The memory of the VM is underallocated.

A company that performs passive vulnerability scanning at its transit VPC has detected a vulnerability related to outdated web-server software on one of its public subnets. Which of the following can the company use to verify if this is a true positive with the least effort and cost? (Choose two.)

A. A network-based scan

B. An agent-based scan

C. A port scan

D. A red-team exercise

E. A credentialed scan

F. A blue-team exercise

G. Unknown environment penetration testing

Which of the following enables CSPs to offer unlimited capacity to customers?

A. Adequate budget

B. Global data center distribution

C. Economies of scale

D. Agile project management

A cloud engineer, who manages workloads in a public cloud environment, uses autoscaling to maintain availability of a critical application. During a recent burst in demands, the engineer received the following error alert:
LimitedInstanceCapacity -
Which of the following is MOST likely cause of the error?

A. The cloud account has a misconfigured security group.

B. The cloud account has exhausted the number of instances quota.

C. The cloud account has had rights revoked to create instances.

D. The autoscaling feature does not have permissions to create instances.

A technician is working with an American company that is using cloud services to provide video-based training for its customers. Recently, due to a surge in demand, customers in Europe are experiencing latency. Which of the following services should the technician deploy to eliminate the latency issue?

A. Auto-scaling

B. Cloud bursting

C. A content delivery network

D. A new cloud provider

A cloud administrator needs to coordinate and automate the management of a company's secrets and keys for all its cloud services with minimal effort and low cost. Which of the following is the BEST option to achieve the goal?

A. Implement database as a service

B. Configure Key Vault

C. Use password as a service

D. Implement KeePass

A cloud administrator is reviewing a new application implementation document. The administrator needs to make sure all the known bugs and fixes are applied, and unwanted ports and services are disabled. Which of the following techniques would BEST help the administrator assess these business requirements?

A. Performance testing

B. Usability testing

C. Vulnerability testing

D. Regression testing

An administrator manages a file server that has a lot of users accessing and creating many files. As a result, the storage consumption is growing quickly. Which of the following would BEST control storage usage?

A. Compression

B. File permissions

C. User quotas

D. Access policies

A company is preparing a hypervisor environment to implement a database cluster. One of the requirements is to share the disks between the nodes of the cluster to access the same LUN. Which of the following protocols should the company use? (Choose two.)

A. CIFS

B. FTP

C. iSCSI

D. RAID 10

E. NFS

F. FC

An environment has a dual-stack infrastructure in an active-active configuration in two separate data centers. Which of the following best describes replication between the two sites?

A. Data is moved constantly from the hot site to the warm site.

B. Data is replicated every 15 minutes from one site to the other.

C. Data is moved from one site to the other once per day.

D. Data is synchronized in real time across the sites.

E. Data is moved twice a day from Site A to Site B, and then from Site B to Site A.

A company is utilizing a private cloud solution that is hosted within its datacenter. The company wants to launch a new business application, which requires the resources below:
 
The current private cloud has 30 vCPUs and 512GB RAM available. The company is looking for a quick solution to launch this application, with expected maximum sessions to be close to 24,000 at launch and an average of approximately 5,000 sessions. Which of the following solutions would help to company accommodate the new workload in the SHORTEST amount of time and with the maximum financial benefits?

A. Configure auto-scaling within the private cloud.

B. Set up cloud bursting for the additional resources.

C. Migrate all workloads to a public cloud provider.

D. Add more capacity to the private cloud.

A cloud administrator is reviewing the authentication and authorization mechanism implemented within the cloud environment. Upon review, the administrator discovers the sales group is part of the finance group, and the sales team members can access the financial application. Single sign-on is also implemented, which makes access much easier. Which of the following access control rules should be changed?

A. Discretionary-based

B. Attribute-based

C. Mandatory-based

D. Role-based

An organization provides integration services for finance companies that use web services. A new company that sends and receives more than 100,000 transactions per second has been integrated using the web service. The other integrated companies are now reporting slowness with regard to the integration service. Which of the following is the cause of the issue?

A. Incorrect configuration in the authentication process

B. Incorrect configuration in the message queue length

C. Incorrect configuration in user access permissions

D. Incorrect configuration in the SAN storage pool

A systems administrator received an email from a cloud provider stating that storage is 80% full on the volume that stores VDI desktops. Which of the following is the MOST efficient way to mitigate the situation?

A. Deduplication

B. Compression

C. Replication

D. Storage migration

An integration application that communicates between different application and database servers is currently hosted on a physical machine. A P2V migration needs to be done to reduce the hardware footprint. Which of the following should be considered to maintain the same level of network throughput and latency in the virtual server?

A. Upgrading the physical server NICs to support 10Gbps

B. Adding more vCPU

C. Enabling SR-IOV capability

D. Increasing the VM swap/paging size

An organization is developing a new solution for hosting an external website. The systems administrator needs the ability to manage the OS. Which of the following methods would be MOST suitable to achieve this objective?

A. Deploy web servers into an IaaS provider.

B. Implement a cloud-based VDI solution.

C. Provision web servers in a container environment.

D. Use PaaS components in the cloud to implement the product.

An organization suffered a critical failure of its primary datacenter and made the decision to switch to the DR site. After one week of using the DR site, the primary datacenter is now ready to resume operations.
Which of the following is the MOST efficient way to bring the block storage in the primary datacenter up to date with the DR site?

A. Set up replication.

B. Copy the data across both sites.

C. Restore incremental backups.

D. Restore full backups.