Answers to Assessment Test
1 D. On-demand cloud computing allows the consumer to add and change resources dynamically with the use of an online portal.
2 B. The interconnection of multiple cloud models is referred to as a hybrid cloud.
3 C. Resource pooling is the allocation of compute resources into a group, or pool, and then these pools are made available to a multitenant cloud environment.
4 A. Infrastructure as a service offers computing hardware, storage, and networking but not applications.
5 B. Platform as a service offers computing hardware, storage, networking, and the operating systems but not the applications.
6 A, B, E. Elasticity, on-demand computing, and pay-as-you-grow are all examples of being able to expand cloud compute resources as your needs require.
7 B, D. One of the prime advantages of cloud-based computing and the automation and virtualization it offers in the background is the ability to leverage the rapid provisioning of virtual resources to allow for on-demand computing.
8 C. Software as a service offers cloud-managed applications as well as the underlying platform and infrastructure support.
9 C. The shared responsibility model outlines what services and portions of the cloud operations the cloud consumer and the provider are responsible for.
10 A. Cloud operators segment their operations into regions for customer proximity, regulatory compliance, resiliency, and survivability.
11 D. A storage area network (SAN) is a high-speed network dedicated to storage transfers across a shared network. Block access is not a networking technology. Zoning is for restricting access to LUNs in a SAN, and VMFS is a VMware filesystem.
12 B, D, F. A hypervisor will virtualize RAM, compute, and storage; the VMs operating on the hypervisor will access these pools.
13 C. A private cloud is used exclusively by a single organization.
14 C. Authentication is the term used to describe the process of determining the identity of a user or device.
15 C. Storage area networks support block-based storage.
16 A, C, E. Application programming interfaces, command-line interfaces, and GUI-based interfaces are all commonly used tools to migrate, monitor, manage, and troubleshoot cloud-based resources.
17 D. A community cloud is used by companies with similar needs such as railroad companies.
18 D. RAID 5 uses parity information that is striped across multiple drives, which allows the drive array to be rebuilt if a single drive in the array fails. The other options do not have parity data.
19 B. When migrating a server that is running on bare metal to a hypervisor-based system, you would be performing a physical-to-virtual migration.
20 D. Multifactor authentication systems use a token generator as something you have and a PIN/password as something you know.
21 B. Two-factor authentication includes something you have and something you know.
22 A. The mandatory access control approach is implemented in high-security environments where access to sensitive data needs to be highly controlled. Using the mandatory access control approach, a user will authenticate, or log into, a system. Based on the user's identity and security levels of the individual, access rights will be determined by comparing that data against the security properties of the system being accessed.
23 C. The question outlines the function of a role-based access control approach.
24 B. The Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) is the process for computer systems' IT security. DIACAP compliance is required to be certified to meet the U.S. Department of Defense security requirements for contractors.
25 B. The platform-as-a-service model offers operating system maintenance to be provided by the service provider.
26 B. Single sign-on allows a user to log in one time and be granted access to multiple systems without having to authenticate to each one individually.
27 B. The security policy outlines all aspects of your cloud security posture.
28 C. IPsec implementations are found in routers and firewalls with VPN services to provide a secure connection over an insecure network such as the Internet.
29 B. The Health Insurance Portability and Accountability Act defines the standards for protecting medical data.
30 C. Advanced Encryption Standard is a symmetrical block cipher that has options to use three lengths, including 128, 192, and 256 bits. AES 256 is a very secure standard, and it would take an extremely long time and a lot of processing power to come even close to breaking the code.
31 C, D. Temporary storage volumes that are destroyed when the VM is stopped are referred to as ephemeral or nondurable storage.
32 C. Applying security applications on a virtual server will cause an increase in CPU usage.
33 C. A dashboard is a graphical portal that provides updates and an overview of operations.
34 C. Ultimately the responsibility for data in the cloud belongs to the organization that owns the data.
35 C. An application programming interface (API) offers programmatic access, control, and configuration of a device between different and discrete software components.
36 C. Automation of cloud deployments was instrumental in the growth of cloud-based services.
37 C. Intrusion prevention systems monitor for malicious activity and actively take countermeasures to eliminate or reduce the effects of the intrusion.
38 B, D. One-time numerical tokens are generated on key fob hardware devices or smartphone soft-token applications.
39 B. SSL/TLS is most commonly used with web and smartphone applications. MD5 is a hash algorithm. IPsec is used to create VPNs over a public network, but VPNs are not as common as SSL/TLS for the scenario given.
40 C. Based on the information given, the description is for a vendor-based management application.
41 B. A patch is a piece of software that updates an application or operating system, to add a feature, fix a bug, or improve performance.
42 C. Blue-green is a software deployment model that uses two configurations for production that are identical to each other. These deployments can alternate between each other, with one active and the other inactive.
43 C. Incremental backups are operations based on changes of the source data since the last incremental backup was performed.
44 B. A snapshot is a file-based image of the current state of a VM, including the complete operating system and all applications stored on it. The snapshot will record the data on the disk and optionally its memory contents at that instant in time.
45 C. Orchestration systems enable large-scale cloud deployments by automating operations.
46 A, C, E. Common automation offerings are Chef, Puppet, and Ansible.
