In the deployment of Huawei Cloud Stack in Layer 2 networking mode, which of the following descriptions about the management firewall-related routing configuration is wrong?
- A . Configure a route with the destination address as the DMZ_Service plane to access tenant DNS_NTP, Console of each cloud service, and other virtual machines
- B . Configure a route with the destination address as the External_Relay_Network plane, which is used for tenant virtual machines to access traffic in the public service area of the internal network.
- C . Configure a route with the destination address as the External_OM plane to access the Public VRF in the management area
- D . Configure the default route pointing to the core InternetVRF to manage the traffic from the virtual machines in the management zone to the external network.
In Huawei Cloud Stack, the virtual machine HA is stuck in the intermediate state for a long time and cannot be automatically recovered. Which of the following descriptions of possible causes of the failure is wrong?
- A . Host management network abnormality
- B . Restart the nova-compute service
- C . RabbitMQ service loses messages
- D . The virtual machine is shut down by the user from within
Which of the following descriptions about the requirements for the Windows host source when using Rainbow for migration is wrong?
- A . Supports shared disk migration
- B . Paravirtualized system migration is not supported.
- C . Necessary migration service ports 445 and 8899 need to be opened
- D . Available memory needs to be greater than 512M
In Huawei Cloud Stack, an engineer is configuring WAF service for the enterprise portal website. After adding the protection domain name, the domain name fails to connect to WAF. The "Domain name connection progress" of the protection website does not show "#$% connected #$%". Which of the following is not a possible cause of the failure?
- A . The protection website deployment mode selected is #$% cloud mode#$%
- B . No load balancer is configured for the WAF instance
- C . Access traffic does not meet WAF statistics requirements
- D . Domain name resolution is not configured or is wrongly configured
Kubernetes supports two different ways to create and manage Kubemnetes objects: imperative commands and object configuration. Which of the following descriptions of the differences between these two methods is wrong?
- A . Object configuration provides templates for creating new objects
- B . Object configuration does not provide a source of records other than live content
- C . Prescriptive commands are not integrated with the change review process
- D . Imperative commands do not provide an audit trail associated with the changes
Rainbow migration involves multiple steps. Which of the following is not part of the Rainbow migration process?
- A . Migration plan review
- B . Storage device resource planning
- C . Service switching and verification
- D . Synchronize data
A company plans to deploy Huawei Cloud Stack using a two-layer dual-core networking solution and use bare metal services to carry key businesses. The company’s engineers are required to design the network. Which of the following is wrong about the engineer’s network design?
- A . Compute node 4 network ports networking, management and business network ports combined deployment
- B . The business area storage uses Huawei distributed block storage for separate deployment, and a 4-port (management + storage) networking solution is designed.
- C . Configure 4 pairs of TORs, namely management TOR in the management area, management TOR in the business area, business TOR in the business area, and storage TOR in the business area
- D . The management node is configured with two independent service network ports connected to the bare metal server’s service access TOR
In Huawei Cloud Stack, when the tenant VM status is abnormal or the VM status is inconsistent with the power status, which of the following is not the cause of the failure?
- A . System internal abnormality or network abnormality occurs during the operation of the virtual machine
- B . The types of operations performed on virtual machines are only supported by some operating systems
- C . Perform two or more operations on a virtual machine at the same time, such as mounting a volume, unmounting a volume, mounting a network card, etc.
- D . The relevant files of the virtual machine on the host where the virtual machine is located are lost
The cloud computing era has brought challenges to the operation and maintenance of traditional data centers. Operation and maintenance personnel will face a surge in business volume and ever-changing business models. Which of the following descriptions of the functions that enterprise I operation and maintenance needs to achieve is wrong?
- A . It can streamline and standardize the change process and reduce unexpected service interruptions caused by changes
- B . Can reduce the complexity of data center configuration management and achieve automation or one-click operation
- C . Capable of self-locating and self-recovering system faults, with high operation and maintenance efficiency and low operation and maintenance costs.
- D . Able to intuitively and comprehensively discover problems and identify potential risks in the system, and proactively prevent accidents.
Kubernetes will track the status of each container in the Pod. Which of the following descriptions of the status of the containers in the Pod is wrong?
- A . If the container is in the Terminated state, you cannot query the reason why the container entered this state, exit code and other information.
- B . If the container is in the Running state, it means that the container is in normal operation.
- C . If the container is not in the Running or Terminated state, it is in the Waiting state.
- D . If the container is in the Terminated state, it means that the container has ended normally or failed to execute for some reason.
In the Rainbow migration tool, which of the following descriptions about the source check result analysis is correct?
- A . If the remote check result is "passed", it means that the source host can be migrated, but there may be migration risks or some configurations after migration may be inconsistent with the source host.
- B . If the remote check result is "#$% failed", it means that the source end does not meet the migration conditions. You can view the reason in the source end details.
- C . If the remote check result is "#$% passed", it means that the remote host meets the migration conditions and can be migrated.
- D . If the source check result is "#$% failed", it means that the source host can be migrated, but there may be migration risks or some configurations after migration are inconsistent with the source host.
In Huawei Cloud Stack, which of the following descriptions of the concepts in Key Management Service (KMS) is wrong?
- A . Envelope encryption refers to sealing the data key of encrypted data into an envelope for storage, transmission and use. Data can be directly encrypted and decrypted without the user’s master key.
- B . The user master key is mainly used to encrypt and protect the data encryption key. One user master key corresponds to encrypting one data encryption key.
- C . The hardware security module is a hardware device that safely generates, stores, manages and uses keys and provides encryption processing services.
- D . The default master key is automatically generated when the user uses EWS encryption through the corresponding cloud service for the first time. The default master key is independent between different tenants and between different services of the same tenant.
In Huawei Cloud Stack, which of the following is not a service that uses virtualization and is deployed in the management node?
- A . DPA
- B . FusionCare
- C . CloudNetDebug
- D . eSight
Which of the following descriptions of the Huawei Cloud Stack standard installation process is wrong?
- A . Automatically install the basic management node and manually install the KVM computing node
- B . The execution machine installs the HUAWEI CLOUD Stack Deploy node by mounting the ISO image
- C . The execution machine uploads the software package to the HUAWEICLOUD Stack Deploy node
- D . HUAWEI CLOUD Stack Deploy node network port and execution machine intercommunication
An enterprise uses CCE cluster to deploy business containers. The autoscaler plug-in has been installed in advance and automatic node scaling has been enabled. However, when the cluster nodes are in a space state for a period of time (10 minutes by default), the node scaling action is not triggered. Which of the following descriptions of possible reasons is wrong?
- A . Pod is set up with local storage
- B . The node has a Pod created using a controller (Deployment/ReplicaSet/Job/StatefulSet)
- C . The Pod has some restrictions set, such as affinity, anti-affinity and other policies, and cannot be scheduled to other nodes
- D . The Pod has a PodDisruptionBudget set, but the corresponding condition is not met when removing the Pod
An enterprise needs to deploy Huawei Cloud Stack using a three-layer network. When the enterprise engineer is installing the network availability zone, which of the following descriptions about using HUAWEI CLOUDStack Deploy to install and configure is wrong?
- A . On the "Deploy and expand automation engineering" page, you need to select "Expand network resources"
- B . In the project configuration page, you need to turn on the "Add compute plane network subnet" option
- C . In the project configuration page, select "Huawei distributed block storage separate deployment" for the business storage option.
- D . In the project configuration page, you need to enable the option "Business storage enables three-layer networking"
When expanding business storage resources in Huawei Cloud Stack, which of the following descriptions of the networking scenario is wrong?
- A . When expanding the storage pool in the same Huawei distributed storage cluster, the networking type of the expanded storage node can be different from the original storage node networking type.
- B . When expanding storage devices in the same AZ, you need to ensure that the networking type of the expanded storage device is consistent with the original storage networking type.
- C . When creating a new backend EVS storage pool, if Huawei distributed block storage is used as the backend storage, only 10GE and 25GE TCP/IP networking is supported.
- D . When creating a new backend EVS storage pool, if you choose to use SAN storage, only IP and FC networking are supported.
In the Huawei Cloud Stack solution, CSBS & VBS services can be deployed to support volume or host backup. When OceanStor5500V3/V5 is selected as the backup storage, which of the following analyses of the backup storage planning is correct?
- A . The two network ports of the 10GE network cards on the two controllers need to be bound separately, and the two network ports need to be bound to different drift groups to provide backup services.
- B . Each disk domain can create a storage pool. The RAID6 strategy can be flexibly configured, with a maximum of 26D+2P.
- C . A single disk domain cannot have more than 48 disks, and the disks in the same disk domain should come from different engines as much as possible.
- D . eBackup has no limit on the size of the file system. Each storage pool needs to create multiple file systems to be assigned to the backup server.
In Huawei Cloud Stack, which of the following understandings about Huawei Cloud resource expansion is wrong?
- A . When adding new nodes, if the number of nodes exceeds the upper limit of the current management scale, you need to expand the management scale first, and then add new nodes.
- B . When creating a new AZ, you can choose to deploy the management plane and business plane of the new AZ together or separately.
- C . When creating a new AZ, if the new AZ shares Huawei’s distributed block storage pool with the original AZ, the storage backend thin allocation ratio of the new AZ must be consistent with the original AZ configuration.
- D . When creating a new AZ, all nodes in the new AZ must have the same hardware architecture and virtualization type.
In Huawei Cloud Stack, which of the following descriptions about the Cloud Firewall CFW service is wrong?
- A . Supports definition of protection objects based on business tags
- B . The expansion policy automatically inherits the access policy configured for the first time according to the business access relationship
- C . Supports visual traffic topology diagrams, which can assist customers in completing semi-automatic configuration of security rules
- D . If two cloud servers are in the same subnet, access isolation through this service is not supported
Which of the following descriptions of Kubernetes-related concepts is wrong?
- A . The Master node is the cluster control node. Each cluster requires at least one Controller node to be responsible for cluster control.
- B . Node is the workload node, and Docker on the Node is responsible for running the container
- C . NamesSpace is used to classify Pods. Pods of the same type have the same NameSpace.
- D . Pod is the smallest control unit of Kubernetes. Containers are run in Pods. A Pod can run one or more containers.
Which of the following descriptions about Huawei Cloud Stack computing resource expansion is wrong?
- A . If you use Huawei CloudStack Deploy to expand capacity, the cbs-server component will be stopped during the pre-expansion check phase. At this time, a "component failure" error will be reported. The component details are cbs-server, which can be ignored.
- B . During the expansion of computing nodes, some components need to be restarted to take effect, which will not affect the business
- C . Business delivery is not allowed during the expansion period, and new business delivery may fail
- D . During the expansion period, the server to be expanded will restart multiple times, and may report an "abnormal host status" alarm, which needs to be handled manually.
An enterprise needs to use Cloud Container Engine (CCE) to implement high-availability deployment of business containers. Which of the following is not a deployment principle that the enterprise should follow for business deployment?
- A . Set workload affinity rules to distribute Pods on the same node in the same availability zone as much as possible to ensure horizontal business interaction performance
- B . When creating a workload, the number of instances must be greater than 2.
- C . The cluster selects the high availability mode of 3 control nodes
- D . Create multiple node pools, deploy different node pools in different availability zones, and expand nodes through node pools
A company deployed the Rainbow tool (default configuration) to migrate business hosts. The company’s IT engineer modified the login account and password of the server where Rainbow was deployed for operation and maintenance needs. Which of the following descriptions of the impact of this operation by the engineer is correct?
- A . The database administrator account needs to be modified synchronously
- B . The Tomcat running account needs to be modified synchronously
- C . Database business accounts need to be modified synchronously
- D . The database operation account needs to be modified synchronously
An enterprise uses Huawei Cloud Stack to carry private cloud services. It currently deploys an ARM architecture computing resource pool and uses IP-SAN to carry business storage. Due to the expansion of business scale, it needs to expand the corresponding resources. Which of the following analyses about the expansion of the enterprise’s resources is correct?
- A . KVM resources and BMS resources can be planned in the newly created AZ at the same time
- B . Create a new storage pool first and register a new storage backend. It is not recommended to expand the capacity of the original storage pool.
- C . When newly deploying X86 computing resources, you can directly expand them to the original resource pool
- D . When multiple AZs are expanded and share a storage pool, the storage backend and thin allocation ratio of each AZ must remain the same
An engineer is designing cloud server backup and cloud disk backup services for the Huawei Cloud Stack deployed by his company. Which of the following descriptions of the engineer’s network plane planning is correct?
- A . The Product Storage plane is isolated from the storage plane of the computing nodes.
- B . eBackup_OM plane reuses OM_Service plane
- C . The eBackup_Storage plane communicates with the backup storage management plane
- D . The eBackup_OM plane communicates with the production storage management plane
When an enterprise engineer was performing routine maintenance on Huawei Cloud Stack, he found that all the requests for the deployed key management service were responded to, but some of the responses were failure information. Which of the following descriptions of the possible causes of this phenomenon is wrong?
- A . Network failure between the key management service and the database
- B . The KMS process of scc-Serice is abnormal
- C . A single HSM fails and cannot provide external services
- D . The network between the key management service and the HSM is disconnected
Which of the following descriptions of the Region concept in Huawei Cloud Stack is wrong?
- A . Region belongs to the regional concept of L0 layer, that is, geographical area
- B . The management planes in the region are interconnected, and some high-security services can be deployed in a separate region.
- C . If the latency between physical data centers exceeds 100ms, they need to be planned into different regions.
- D . Region is a circle with delay as radius
Which of the following is not a component of Kubarnetes?
- A . kube-scheduler
- B . kube-conductor
- C . kube-controller-manager
- D . kube-apiserver
In Huawei Cloud Stack, which of the following descriptions about the VRF function design is wrong?
- A . Internet VRF is used to carry traffic outside the Huawei Cloud Stack area
- B . Public VRF is used to carry east-west traffic of virtual machines in the business area and VxLAN traffic from virtual machines to network nodes
- C . OMAccess VRF mainly carries remote operation and maintenance access or local operation and maintenance access traffic
- D . DMZ VRF is used to carry internal operation and maintenance management traffic and various cloud service internal data communication traffic
Which of the following descriptions of the Pod lifecycle in Kubernetes is wrong?
- A . Pods cannot survive being evicted due to node resource exhaustion or node maintenance.
- B . Pod itself has self-healing capabilities. If a Pod is scheduled to a node and the node fails later, the Pod will automatically try to schedule to another node.
- C . If the Pod is deleted for some reason, the objects associated with the Pod (such as volumes) will also be deleted
- D . When a Pod is deleted, the kubectl command will show that the status of the Pod is Terminating.
In Rainbow migration, which of the following descriptions about the destination virtual machine is wrong?
- A . When selecting the destination virtual machine, you must select the correct port group for the network card, otherwise the destination virtual machine will not be able to connect after configuring the IP.
- B . The CPU and memory specifications of the destination virtual machine must be equal to those of the source virtual machine
- C . When creating a Windows destination VM, if you create it through VRM, all disks must be set to "Slave" in "Disk Mode".
- D . When creating a destination virtual machine, you must add a description containing the "Rainbow" field to the destination virtual machine.
A bank deployed CBH service in Huawei Cloud Sack for resource management and management audit. When the bank administrator logged into the cloud bastion system for daily operation and maintenance, the connection with the bastion was interrupted. After checking the system error code, it was prompted that "the user connection was forcibly disconnected". Which of the following operations cannot effectively help the administrator locate the cause of the failure?
- A . Log in to the cloud bastion system and check the historical session logs to see if there are any records of forced interruptions.
- B . Log in to the cloud bastion system to check whether the login timeout configuration is reasonable
- C . Check whether the host account has remote login permissions enabled for the resource account
- D . Check whether the user account has been logged out by the administrator
When the Huawei Cloud Stack administrator accesses the Enterprise Host Security Service Console page, he finds an error message on the page: "#$% Failed to query vulnerability information". Which of the following descriptions of the possible causes of this failure is wrong?
- A . Middleware Mysql exception
- B . Middleware Redis exception
- C . Middleware Kafka exception
- D . HSS-neuron-access server component is abnormal
The YAML file corresponding to the Kubernetes object involves multiple configuration fields. Which of the following descriptions of these configuration fields is wrong?
- A . metadata describes some data that uniquely identifies the object, including the name string, UID, and optional NameSpace
- B . kind describes the type of object you want to create
- C . spec describes the current running status of the object
- D . apiVersion describes the version of the Kubernetes API used to create the object
An enterprise has newly deployed Huawei Cloud Stack for testing services. The enterprise IT engineer wants to use the CPS CLI command to view the current host status. After executing the command, the error "Connection refused" is returned. Which of the following descriptions of possible causes of the failure is wrong?
- A . Node operating system file is abnormal
- B . The socket port of the host where the control node is located that provides CPS service is abnormal
- C . Node network failure
- D . When the authentication mode is turned on, the DNS configuration is wrong, resulting in the CPS command being unavailable.
Which of the following is not a component or service that needs to be installed when deploying Huawei Cloud Stack?
- A . Common components
- B . ManageOne
- C . FusionSphere OpenStack
- D . FusionCompute
In the Kubemetes system, Kubemetes objects are persistent entities that Kubemetes uses to represent the state of the entire cluster. Which of the following descriptions of Kubemetes objects is wrong?
- A . Kubernetes objects describe resource items that can be used by applications
- B . When creating a Kubernetes object, you must provide the object’s status to describe the desired state of the object.
- C . Kubernetes objects can describe application runtime performance strategies, such as restart strategies, upgrade strategies, and fault tolerance strategies
- D . Kubernetes objects describe which containerized applications are running
Which of the following analyses of the CFW service flow in Huawei Cloud Stack is correct?
- A . CFW-ES/CFW-DF reads the traffic information of the ECS from CFW-Service
- B . Users create and manage different attributes through the cloud firewall interface on the ManageOne operation and maintenance interface
- C . Neutron writes traffic information of the elastic cloud server to CFW-Service
- D . CFW-Service calls the FWaaS interface provided by Neutron to complete the creation of rules
Which of the following descriptions of the main functions of Kubernetes is wrong?
- A . If a service starts multiple containers, it can automatically achieve load balancing of requests
- B . A service can find the services it depends on through automatic discovery
- C . The number of running containers in the cluster can be automatically adjusted as needed
- D . When a newly released program version is found to have problems, Kubernetes can automatically roll back to the previous version to correct it.
Which of the following does not belong to the operation and maintenance role of Huawei Cloud Stack?
- A . System Administrator
- B . Southbound Administrator
- C . Security Administrator
- D . Security Auditor
In Huawei Cloud Stack, which of the following MRS service components can support real-time access of messages from a large number of cars?
- A . Spark
- B . Kafka
- C . HDFS
- D . Hbase
Which of the following is not a pull strategy for container images in Kubernetes?
- A . Never
- B . lfNotPresent
- C . lfPresent
- D . Always
In Huawei Cloud Stack, which of the following descriptions about the EdgeFW service is wrong?
- A . The border firewall is for east-west traffic between internal networks in the cloud data center.
- B . Support intrusion detection and prevention (IPS) and network antivirus (AV) functions with elastic IP as the protection object
- C . Supports viewing log details based on source, destination IP, date, attack event, protocol, etc.
- D . Deployed at the boundary of internal and external networks, it is a bridge connecting the internal network and the external network.
In the Huawei Cloud Stack solution, which of the following is wrong about the basic networking design?
- A . In a three-layer network, the management plane and the business plane need to be physically isolated.
- B . In dual-core networking, the management plane and the business plane are physically isolated
- C . In single-core networking, there is no requirement for physical isolation between the management plane and the business plane
- D . When single core networking is used, support for combined deployment of management area TOR and business area TOR
When an enterprise engineer uses Cloud Container Engine (CCE) to create a business workload, the system reports an error as shown in the figure below. Which of the following descriptions of the cause of the error is correct?
- A . The remote image repository uses an unknown or insecure certificate
- B . The number of public images pulled has reached the upper limit
- C . Unable to connect to the image repository, network is down
- D . The image is too large and the connection fails
In Huawei Cloud Stack, which of the following descriptions about VBS service backup business flow analysis is wrong?
- A . Karbor will send both the snapshot creation command and the backup command to Cinder.
- B . eBackup Server&Proy is responsible for writing backup data into backup storage
- C . Cinder Driver is responsible for creating backup snapshots on production storage
- D . eBackup Driver is responsible for mounting volume snapshots from production storage to obtain full backup or incremental backup data.
In Huawei Cloud Stack, which of the following analyses of the core switch routing design is wrong?
- A . Equal-cost routes pointing to the ENAT cluster. The destination address needs to be configured as the loopback address of the ENAT cluster.
- B . For equal-cost routes pointing to the BR cluster, the destination address needs to be configured as the Turmnel_Bearing plane address assigned to the BR cluster
- C . For equal-cost routes pointing to the vRouter cluster, the next-hop address needs to be configured as the Tunnel_Bearing plane address assigned to the vRouter cluster.
- D . The next hop address of the equal-cost route pointing to EIP_Pool needs to be configured as the interface IP of BR connected to the public network
Which of the following is not a pre-operation before Huawei Cloud Stack expansion?
- A . DMK account password verification
- B . OpenStack management node password check
- C . Check the password of the administrator of ManageOne operation interface
- D . FusionSphere public virtual machine password check
In Huawei Cloud Stack, which of the following descriptions of the design of various security services is wrong?
- A . The CBH service business plane is deployed in the Pod area and needs to occupy computing node resources.
- B . The CSP service management plane is connected to the External-OM plane, eliminating the need to plan an independent network plane
- C . HSS service is deployed using virtual machines, which only requires additional cloud platform management node resources, without special hardware requirements
- D . WAF only supports single-region deployment. All WAF service components need to be deployed in the same region.