A company's security policy requires full disk encryption on all clients with preboot enabled. The encryption server is hosted, and the requirement is to push an update to all endpoints. Which of the following is the BEST method to test and apply the update with minimal disruption to end users?
Joe, a customer, wants to implement backup of his replicated VMs so production performance is not affected at the primary site.
Which of the following backup methods would be the MOST appropriate?
Reference https://docs.microsoft.com/en-us/azure/virtual-machines/linux/backup-and-disaster-recovery-for- azure-iaas-disks
A user cannot consume SaaS services while working remotely. IP whitelisting is implemented to connect to a SaaS provider as a security mechanism. Which of the following describes the MOST likely reason why the user cannot access the SaaS resources?
A rural manufacturing company wants to move all IT services, including the industrial control systems, to the cloud.
Given this scenario, which of the following cloud services elements would be a challenge to the deployment?
A company is required to ensure all access to its cloud instance for all users to utilize two-factor authentication.
The QA team confirms all functional requirements successfully test. After deployment, all business users report the two-factor authentication is not enforced while accessing the instance. Which of the following would be the MOST likely reason the QA team did not catch the issue?
A company wants to ensure production data is not exposed during a functional and load testing exercise, as it will be the source of the data.
Which of the following techniques should the cloud administrator deploy to ensure testing requirements are met?
A production IaaS database server contains PCI data and is a critical business capability. The CAB approved a normal code change release for QA and PROD to occur 30 minutes apart and to last a maximum of one hour. The cloud DBA team is 45 minutes behind schedule, so they miss the start time on QA. As the cloud DBA, which of the following is the BEST course of action to apply the code change?
During the cloud provisioning process, a misconfiguration results in the requester being granted privileges to the underlying IaaS infrastructure.
Which of the following security principles has been violated?
A technician receives a call from Joe, a user, who is unable to log into any of the company’s SaaS application. The applications are provided by multiple vendors. Joe reports his credentials were working previously, and he is able to log into the locally hosted applications with the same credentials.
Which of the following is the MOST likely cause of Joe’s issues?
A cloud engineer is provisioning a group of servers in a public cloud using a template. The template uses a custom image that includes all the hardening minimum security standards approved by the cybersecurity
department. The image is more than 30 days old and is updated on a quarterly basis.
Before deploying the servers in production, the cloud engineer should:
A multinational corporation needs to migrate servers, which are supporting a national defense project, to a new datacenter. The data in QUESTION NO: is approximately 20GB in size. The engineer on the project is considering datacenters in several countries as possible destinations. All sites in consideration are on a high-
speed MPLS network (10Gb+ connections). Which of the following environmental constraints is MOST likely to rule out a possible site as an option?
A cloud administrator is adding several accounts for new development team interns. These interns will need access to some, but not all, of the resources and will only be working over the summer. Which of the following user provisioning techniques should be used?
A company changed its policy to have seven-year data retention in the public cloud. Which of the following would be the MOST cost-effective way to meet retention requirements?
Ann, a cloud administrator, is reporting on how the organization has adhered to its marketing of 99.99999% system availability SLA.
Given this scenario, which of the following should Ann include in her report?
An engineer is responsible for managing a private cloud environment at a software company. Company developers perform all programming in the cloud environment. There are two departments working on a highly classified product that now requires dedicated resources, which cannot be viewed or accessed by other departments in the cloud environment. Which of the following should the engineer perform to ensure the requirements are met? (Choose three.)
A small clinic is moving its health and accounting systems to a SaaS solution. The clinic holds patient- and business-sensitive information. Which of the following is the company expected to do to protect its data?
Joe, a cloud administrator, is no longer able to SSH to his cloud management console after he returns from a two-week vacation. A coworker was able to connect from the management station with no issue. During the last two weeks, the desktop team replaced all administrator machines with newer ones. Which of the following must Joe do FIRST to troubleshoot his access?
A cloud administrator notices one of the servers in the public cloud environment has a non-compliant firewall policy. In reviewing the logs, the administrator notices a couple technicians made individual changes to the
firewall policy for a new project.
Which of the following is the BEST solution to reduce configuration drift for the firewall policy?
With increased traffic to a website, several outages have occurred due to a log files filling the root drive of the web servers. An administrator is considering several possible solutions to prevent future outages.
Which of the following techniques is MOST likely to impact server performance if implemented?
The QA team is testing a newly implemented clinical trial management (CTM) SaaS application that uses a business intelligence application for reporting. The UAT users were instructed to use HTTP and HTTPS.
Refer to the application dataflow:
1A – The end user accesses the application through a web browser to enter and view clinical data.
2A – The CTM application server reads/writes data to/from the database server.
1B – The end user accesses the application through a web browser to run reports on clinical data.
2B – The CTM application server makes a SOAP call on a non-privileged port to the BI application server.
3B – The BI application server gets the data from the database server and presents it to the CTM application server.
When UAT users try to access the application using https://ctm.app.com or http://ctm.app.com, they get a message stating: “Browser cannot display the webpage.” The QA team has raised a ticket to troubleshoot the issue.
See explanation below.
An upgrade to a web application, which supports 400 users at four sites, is being tested. The application runs on four servers behind a load balancer.
The following test plan is proposed:
Have 50 users from site A connect to server 1 Have 50 users from site B connect to server 2 Have 50 users from site C connect to server 3 Have 50 users from site D connect to server 4
Which of the following parameters is being properly tested by this plan?
A cloud administrator has configured a connection between two virtual private cloud environments at a public cloud provider that are each in different accounts. The administrator has configured the accounts correctly so they can connect to each other’s resources. Both cloud environments have policies that allow anyone from 0.0.0.0/0 on TCP port 22. The following table shows the network configuration information:
However, the administrator is unable to establish an SSH connection from a server in 10.250.40.100 to 10.250.48.214. Which of the following is the MOST likely issue?
A new browser version has been deployed to all users at a company. After the deployment, users report that they can no longer access the company's secure time-card system, which is hosted by a SaaS provider. A technician investigates and discovers a security error is received upon opening the site. If the browser is rolled back to the older version, the site is accessible again. Which of the following is the MOST likely cause of the security error users are seeing?
An entertainment company with a very large movie library is moving all of its production systems to an IaaS cloud. The current lease is expiring in the next month, and the company made a last-minute decision not to renew the lease.
Which of the following would be the MOST effective way to move all the data to the new cloud provider?
A company is migrating its application to a cloud provider. Six months before going live, a representative from each stakeholder group validated the functionality and performance in the QA environment and did not identify any issues. After going live, the system response time is slower that the testing environment. Which of the following is the MOST likely gap in the testing plan?
A company has moved all on-premises workloads into a public cloud. After some time, the cloud engineer starts noticing time drifts on the VMs and suspects an NTP issue. Time drifts were not an issue when all the workloads were on-premises. Which of the following describes how the cloud engineer should resolve the issue?
Following is a sample result from a recently completed load test.
Based on the information provided, which of the following would be the BEST recommendation?
A cloud engineer is required to ensure all servers in the cloud environment meet requirements for PCI compliance. One of the requirements is to make certain all administrator logins and commands are logged. Which of the following is the BEST approach to meet these requirements?
A cloud administrator notices three additional servers running in the company's account at a new public cloud provider. After a discussion with the development team, the administrator is unable to determine who
deployed the servers, and a review of the change management board's minutes does not provide any additional insight.
Which of the following is the BEST approach for the administrator to take?
A cloud administrator is receiving alerts that the disk on several systems is 90% full. Upon reviewing the systems, the administrator determines that the log directory is using 50% of the disk. The company has a 14- day retention policy for all logs. Which of the following is the BEST solution to implement to minimize future alerts?
A cloud technology vendor has released an update to its product. A company providing cloud services need to quickly adopt the update to provide support to its customers.
Which of the following is the MOST efficient action to complete this task?
A consumer is performing a comparison between different IaaS providers for upcoming cloud migrations.
Which of the following is the MOST appropriate option to make a comparison for the selection process?
A customer wants to remove a user’s access to the SaaS CRM system. Which of the following methods should be executed FIRST?
A system's application servers need to be patched. The requirements for maintenance work are as follows:
System downtime is not allowed.
The application server in use must be in the sane patch status. System performance must be maintained during patching work.
Testing after patching must be done before the application server is in use. If any trouble occurs, recover the previous version in ten minutes.
Which of the following methodologies should be selected?
Company A has just implemented a SaaS-based cloud storage solution. The SaaS solution provides services for both commercial and personal use. The IT department has been tasked to migrate all the on-premises file shares to the SaaS solution with the username being the corporate email address. The IT department is currently using am IAM solution to provision the accounts in the SaaS solution. Upon execution of the account creation process, the IT department is receiving multiple “unable to create account” alerts. Which of the following is the MOST likely cause?
A company wants to leverage a SaaS provider for its back-office services, and security is paramount. Which of the following solutions should a cloud engineer deploy to BEST meet the security requirements?
A VM was deleted by mistake today at 11:05 a.m. Below are the backups currently available for the VM:
Crash-consistent restore is acceptable. Which of the following backups should be chosen?
Which of the following solutions BEST complies with laws requiring secure data-at-rest for a critical application while keeping in mind the need for reduced costs?
A cloud administrator reports a problem with the maximum number of users reached in one of the pools. There are ten VMs in the pool, each with a software capacity to handle ten users. Based on the dashboard metrics, 15% of the incoming new service requests are failing. Which of the following is the BEST approach to resolve the issue?
A company uses SaaS and IaaS solutions from multiple cloud providers. Users report that this requires them to manage and remember multiple user accounts and passwords. Which of the following solutions should be implemented to fix this issue?
A cloud engineer recently applied the troubleshooting process for a major connectivity issue. Which of the following is the FINAL step in the troubleshooting methodology?
A cloud service provider wants to offer hardened virtual server images for provisioning purposes. This will enable users to use only the operating system services that are allowed by the provider. Which of the following tasks are MOST appropriate for the hardening process? (Select TWO).
A software solution must be deployed based on the most granular access level. Which of the following methods should be used to meet the requirements?
A customer recently provisioned a new server on the IaaS. The IP address assigned from the pool resolves to another hostname. Some user traffic is being dumped or is causing slowness because of this issue. Which of the following maintenance activities does the provider need to perform to prevent this issue?
The CSA needs to install a patch on 58 virtual server instances during the Friday evening maintenance window. Which of the following is the MOST efficient way to get the patches installed?