SIMULATION
A company has decided to scale its e-commerce application from its corporate datacenter to a commercial cloud provider to meet an anticipated increase in demand during an upcoming holiday.
The majority of the application load takes place on the application server under normal conditions. For this reason, the company decides to deploy additional application servers into a commercial cloud provider using the on-premises orchestration engine that installs and configures common software and network configurations.
The remote computing environment is connected to the on-premises datacenter via a site-to-site IPSec tunnel. The external DNS provider has been configured to use weighted round-robin routing to load balance connections from the Internet.
During testing, the company discovers that only 20% of connections completed successfully.
INSTRUCTIONS
Review the network architecture and supporting documents and fulfill these requirements:
Part 1:
– Analyze the configuration of the following components: DNS, Firewall 1, Firewall 2, Router 1, Router 2, VPN and Orchestrator Server.
– Identify the problematic device(s).
Part 2:
– Iden tify the correct options to provide adequate configuration for hybrid cloud architecture.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Part 1:
Cloud Hybrid Network Diagram
Part 2:
Only select a maximum of TWO options from the multiple choice question
SIMULATION
A company has decided to scale its e-commerce application from its corporate datacenter to a commercial cloud provider to meet an anticipated increase in demand during an upcoming holiday.
The majority of the application load takes place on the application server under normal conditions. For this reason, the company decides to deploy additional application servers into a commercial cloud provider using the on-premises orchestration engine that installs and configures common software and network configurations.
The remote computing environment is connected to the on-premises datacenter via a site-to-site IPSec tunnel. The external DNS provider has been configured to use weighted round-robin routing to load balance connections from the Internet.
During testing, the company discovers that only 20% of connections completed successfully.
INSTRUCTIONS
Review the network architecture and supporting documents and fulfill these requirements:
Part 1:
– Analyze the configuration of the following components: DNS, Firewall 1, Firewall 2, Router 1, Router 2, VPN and Orchestrator Server.
– Identify the problematic device(s).
Part 2:
– Iden tify the correct options to provide adequate configuration for hybrid cloud architecture.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Part 1:
Cloud Hybrid Network Diagram
Part 2:
Only select a maximum of TWO options from the multiple choice question
SIMULATION
A company has decided to scale its e-commerce application from its corporate datacenter to a commercial cloud provider to meet an anticipated increase in demand during an upcoming holiday.
The majority of the application load takes place on the application server under normal conditions. For this reason, the company decides to deploy additional application servers into a commercial cloud provider using the on-premises orchestration engine that installs and configures common software and network configurations.
The remote computing environment is connected to the on-premises datacenter via a site-to-site IPSec tunnel. The external DNS provider has been configured to use weighted round-robin routing to load balance connections from the Internet.
During testing, the company discovers that only 20% of connections completed successfully.
INSTRUCTIONS
Review the network architecture and supporting documents and fulfill these requirements:
Part 1:
– Analyze the configuration of the following components: DNS, Firewall 1, Firewall 2, Router 1, Router 2, VPN and Orchestrator Server.
– Identify the problematic device(s).
Part 2:
– Iden tify the correct options to provide adequate configuration for hybrid cloud architecture.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Part 1:
Cloud Hybrid Network Diagram
Part 2:
Only select a maximum of TWO options from the multiple choice question
SIMULATION
The QA team is testing a newly implemented clinical trial management (CTM) SaaS application that uses a business intelligence application for reporting. The UAT users were instructed to use HTTP and HTTPS.
Refer to the application dataflow:
1A C The end user accesses the application through a web browser to enter and view clinical data.
2A C The CTM application server reads/writes data to/from the database server.
1B C The end user accesses the application through a web browser to run reports on clinical data.
2B C The CTM application server makes a SOAP call on a non-privileged port to the BI application server.
3B C The BI application server gets the data from the database server and presents it to the CTM application server.
When UAT users try to access the application using https://ctm.app.com or http://ctm.app.com, they get a message stating: “Browser cannot display the webpage.” The QA team has raised a ticket to troubleshoot the issue.
INSTRUCTIONS
You are a cloud engineer who is tasked with reviewing the firewall rules as well as virtual network settings.
You should ensure the firewall rules are allowing only the traffic based on the dataflow.
You have already verified the external DNS resolution and NAT are working.
Verify and appropriately configure the VLAN assignments and ACLs. Drag and drop the appropriate VLANs to each tier from the VLAN Tags table. Click on each Firewall to change ACLs as needed.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
A DevOps administrator is automating an existing software development workflow. The administrator wants to ensure that prior to any new code going into production, tests confirm the new code does not negatively impact existing automation activities.
Which of the following testing techniques would be BEST to use?
- A . Usability testing
- B . Regression testing
- C . Vulnerability testing
- D . Penetration testing
B
Explanation:
Reference: https://www.softwaretestinghelp.com/regression-testing-tools-and-methods/
A marketing team is using a SaaS-based service to send emails to large groups of potential customers. The internally managed CRM system is configured to generate a list of target customers automatically on a weekly basis, and then use that list to send emails to each customer as part of a marketing campaign. Last week, the first email campaign sent emails successfully to 3,000 potential customers. This week, the email campaign attempted to send out 50,000 emails, but only 10,000 were sent.
Which of the following is the MOST likely reason for not sending all the emails?
- A . API request limit
- B . Incorrect billing account
- C . Misconfigured auto-scaling
- D . Bandwidth limitation
A
Explanation:
Reference: https://developers.google.com/analytics/devguides/config/mgmt/v3/limits-quotas
A VDI administrator has received reports of poor application performance.
Which of the following should the administrator troubleshoot FIRST?
- A . The network environment
- B . Container resources
- C . Client devices
- D . Server resources
Due to a policy change, a few of a customer’s application VMs have been migrated to synchronously replicated storage. The customer now reports that performance is lower. The systems administrator checks the resource usage and discovers CPU utilization is at 60% and available memory is at 30%.
Which of the following is the MOST likely cause?
- A . There is not enough vCPU assigned
- B . The application is not compatible with the new settings
- C . The new configuration is adding latency
- D . The memory of the VM is underallocated
An organization requires the following to be achieved between the finance and marketing departments:
– Allow HTTPS/HTTP.
– Disable FTP and SMB traffic.
Which of the following is the MOST suitable method to meet the requirements?
- A . Implement an ADC solution to load balance the VLAN traffic
- B . Configure an ACL between the VLANs
- C . Implement 802.1X in these VLANs
- D . Configure on-demand routing between the VLANs
A systems administrator is building a new virtualization cluster. The cluster consists of five virtual hosts, which each have flash and spinning disks. This storage is shared among all the virtual hosts, where a virtual machine running on one host may store data on another host.
This is an example of:
- A . a storage area network
- B . a network file system
- C . hyperconverged storage
- D . thick-provisioned disks
A company is utilizing a private cloud solution that is hosted within its datacenter.
The company wants to launch a new business application, which requires the resources below:
The current private cloud has 30 vCPUs and 512GB RAM available. The company is looking for a quick solution to launch this application, with expected maximum sessions to be close to 24,000 at launch and an average of approximately 5,000 sessions.
Which of the following solutions would help the company accommodate the new workload in the SHORTEST amount of time and with the maximum financial benefits?
- A . Configure auto-scaling within the private cloud
- B . Set up cloud bursting for the additional resources
- C . Migrate all workloads to a public cloud provider
- D . Add more capacity to the private cloud
A systems administrator recently upgraded the processors in a web application host. Upon the next login, the administrator sees a new alert regarding the license being out of compliance.
Which of the following licensing models is the application MOST likely using?
- A . Per device
- B . Per user
- C . Core-based
- D . Volume-based
C
Explanation:
Reference: https://download.microsoft.com/download/3/d/4/3d42bdc2-6725-4b29-b75a-a5b04179958b/percorelicensing_definitions_vlbrief.pdf
A systems administrator is informed that a database server containing PHI and PII is unencrypted. The environment does not support VM encryption, nor does it have a key management system. The server needs to be able to be rebooted for patching without manual intervention.
Which of the following will BEST resolve this issue?
- A . Ensure all database queries are encrypted
- B . Create an IPSec tunnel between the database server and its clients
- C . Enable protocol encryption between the storage and the hypervisor
- D . Enable volume encryption on the storage
- E . Enable OS encryption
An OS administrator is reporting slow storage throughput on a few VMs in a private IaaS cloud. Performance graphs on the host show no increase in CPU or memory.
However, performance graphs on the storage show a decrease of throughput in both IOPS and MBps but not much increase in latency. There is no increase in workload, and latency is stable on the NFS storage arrays that are used by those VMs.
Which of the following should be verified NEXT?
- A . Application
- B . SAN
- C . VM GPU settings
- D . Network
An organization has multiple VLANs configured to segregate the network traffic.
Following is the breakdown of the network segmentation:
– Production traffic (10.10.0.0/24)
– Network backup (10.20.0.0/25)
– Virtual IP network (10.20.0.128/25)
The following configuration exists on the server:
The backup administrator observes that the weekly backup is failing for this server.
Which of the following commands should the administrator run to identify the issue?
- A . ROUTE PRINT
- B . NETSTAT -A
- C . IPCONFIG /ALL
- D . NET SM
A
Explanation:
Reference: https://www.toolbox.com/tech/operating-systems/blogs/using-the-route-print-command-inwindows-7-022310/
A systems administrator is configuring RAID for a new server. This server will host files for users and replicate to an identical server. While redundancy is necessary, the most important need is to maximize storage.
Which of the following RAID types should the administrator choose?
- A . 5
- B . 6
- C . 10
- D . 50
C
Explanation:
Reference: https://mysupport.netapp.com/NOW/public/eseries/sam_archive1150/index.html#page/GUID8538272A-B802-49D9-9EA2-96C82DAD26A2/GUID-1BF9A33B-C3A1-487C-B8D8-5F2C14E3ED2E.html
Which of the following will mitigate the risk of users who have access to an instance modifying the system configurations?
- A . Implement whole-disk encryption
- B . Deploy the latest OS patches
- C . Deploy an anti-malware solution
- D . Implement mandatory access control
A systems administrator recently deployed a VDI solution in a cloud environment; however, users are now experiencing poor rendering performance when trying to display 3-D content on their virtual desktops, especially at peak times.
Which of the following actions will MOST likely solve this issue?
- A . Update the quest graphics drivers from the official repository
- B . Add more vGPU licenses to the host
- C . Instruct users to access virtual workstations only on the VLAN
- D . Select vGPU profiles with higher video RAM
D
Explanation:
Reference: https://www.cisco.com/c/dam/en/us/solutions/collateral/data-center-virtualization/desktopvirtualization-solutions-vmware-horizon-view/whitepaper-c11-741606.pdf
An organization purchased new servers with GPUs for render farms. The servers have limited CPU resources.
Which of the following GPU configurations will be the MOST optimal for virtualizing this environment?
- A . Dedicated
- B . Shared
- C . Passthrough
- D . vGPU
A systems administrator needs to configure a set of policies to protect the data to comply with mandatory regulations.
Which of the following should the administrator implement to ensure DLP efficiently prevents the exposure of sensitive data in a cloud environment?
- A . Integrity
- B . Versioning
- C . Classification
- D . Segmentation
C
Explanation:
Reference: https://cloud.google.com/dlp/docs
A systems administrator wants to have near-real-time information on the volume of data being exchanged between an application server and its clients on the Internet.
Which of the following should the systems administrator implement to achieve this objective?
- A . A stateful firewall
- B . DLP
- C . DNSSEC
- D . Network flows
A company needs to rehost its ERP system to complete a datacenter migration to the public cloud. The company has already migrated other systems and configured VPN connections.
Which of the following MOST likely needs to be analyzed before rehosting the ERP?
- A . Software
- B . Licensing
- C . Right-sizing
- D . The network
A company wants to check its infrastructure and application for security issues regularly.
Which of the following should the company implement?
- A . Performance testing
- B . Penetration testing
- C . Vulnerability testing
- D . Regression testing
B
Explanation:
Reference: https://pure.security/services/technical-assurance/external-penetration-testing/
A company that utilizes an IaaS service provider has contracted with a vendor to perform a penetration test on its environment. The vendor is able to exploit the virtualization layer and obtain access to other instances within the cloud provider’s environment that do not belong to the company.
Which of the following BEST describes this attack?
- A . VM escape
- B . Directory traversal
- C . Buffer overflow
- D . Heap spraying
A
Explanation:
Reference: https://whatis.techtarget.com/definition/virtual-machine-escape
A systems administrator would like to reduce the network delay between two servers.
Which of the following will reduce the network delay without taxing other system resources?
- A . Decrease the MTU size on both servers
- B . Adjust the CPU resources on both servers
- C . Enable compression between the servers
- D . Configure a VPN tunnel between the servers
C
Explanation:
Reference: https://cseweb.ucsd.edu/~calder/papers/HPDC-01-DynComp.pdf
An administrator is performing an in-place upgrade on a quest VM operating system.
Which of the following can be performed as a quick method to roll back to an earlier state, if necessary?
- A . A configuration file backup
- B . A full backup of the database
- C . A differential backup
- D . A VM-level snapshot
D
Explanation:
Reference: https://cloud.google.com/compute/docs/tutorials/performing-in-place-upgrade-windows-server
After analyzing a web server’s logs, a systems administrator sees that users are connecting to the company’s application through HTTP instead of HTTPS. The administrator then configures a redirect from HTTP to HTTPS on the web server, and the application responds with a connection time-out message.
Which of the following should the administrator verify NEXT?
- A . The TLS certificate
- B . The firewall rules
- C . The concurrent connection limit
- D . The folder permissions
A
Explanation:
Reference: https://www.ionos.com/digitalguide/hosting/technical-matters/http-408-how-to-fix-the-requesttimeout-error/
A systems administrator is configuring a storage array.
Which of the following should the administrator configure to set up mirroring on this array?
- A . RAID 0
- B . RAID 1
- C . RAID 5
- D . RAID 6
B
Explanation:
Reference: https://www.enterprisestorageforum.com/storage-management/raid-levels.html
A company has developed a cloud-ready application. Before deployment, an administrator needs to select a deployment technology that provides a high level of portability and is lightweight in terms of footprint and resource requirements.
Which of the following solutions will be BEST to help the administrator achieve the requirements?
- A . Containers
- B . Infrastructure as code
- C . Desktop virtualization
- D . Virtual machines
A
Explanation:
Reference: https://blog.netapp.com/blogs/containers-vs-vms/
A global web-hosting company is concerned about the availability of its platform during an upcoming event. Web traffic is forecasted to increase substantially during the next week. The site contains mainly static content.
Which of the following solutions will assist with the increased workload?
- A . DoH
- B . WAF
- C . IPS
- D . CDN
D
Explanation:
Reference: https://www.globaldots.com/content-delivery-network-explained
An organization is hosting a cloud-based web server infrastructure that provides web-hosting solutions. Sudden continuous bursts of traffic have caused the web servers to saturate CPU and network utilizations.
Which of the following should be implemented to prevent such disruptive traffic from reaching the web servers?
- A . Solutions to perform NAC and DLP
- B . DDoS protection
- C . QoS on the network
- D . A solution to achieve microsegmentation
B
Explanation:
Reference: https://blog.paessler.com/the-top-5-causes-of-sudden-network-spikes
A developer is no longer able to access a public cloud API deployment, which was working ten minutes prior.
Which of the following is MOST likely the cause?
- A . API provider rate limiting
- B . Invalid API token
- C . Depleted network bandwidth
- D . Invalid API request
An organization is implementing a new requirement to facilitate users with faster downloads of corporate application content. At the same time, the organization is also expanding cloud regions.
Which of the following would be suitable to optimize the network for this requirement?
- A . Implement CDN for overall cloud application
- B . Implement auto-scaling of the compute resources
- C . Implement SR-IOV on the server instances
- D . Implement an application container solution
C
Explanation:
Reference: https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/13/html/network_functions_virtualization_planning_and_configuration_guide/part-sriov-nfv-configuration
Which of the following cloud deployment models allows a company to have full control over its IT infrastructure?
- A . Private
- B . Cloud within a cloud
- C . Hybrid
- D . Public
A
Explanation:
Reference: https://www.sciencedirect.com/topics/computer-science/private-cloud
A cloud administrator is designing a multiregion network within an IaaS provider.
The business requirements for configuring the network are as follows:
– Use private networking in and between the multisites for data replication.
– Use low latency to avoid performance issues.
Which of the following solutions should the network administrator use within the IaaS provider to connect multiregions?
- A . Peering
- B . Gateways
- C . VPN
- D . Hub and spoke
A company has decided to get multiple compliance and security certifications for its public cloud environment.
However, the company has few staff members to handle the extra workload, and it has limited knowledge of the current infrastructure.
Which of the following will help the company meet the compliance requirements as quickly as possible?
- A . DLP
- B . CASB
- C . FIM
- D . NAC
The human resources department was charged for a cloud service that belongs to another department. All other cloud costs seem to be correct.
Which of the following is the MOST likely cause for this error?
- A . Misconfigured templates
- B . Misconfigured chargeback
- C . Incorrect security groups
- D . Misconfigured tags