Q1. A company wants to build an IaaS cloud to host cloud-native applications. On which areas should a cloud architect focus when gathering requirements for this cloud design?
A. Automation, multi-tenancy, and hardware availability
B. Automation, hardware availability, and policy compliance
C. Hardware availability, policy compliance, and multi-tenancy
D. Policy compliance, automation, and multi-tenancy
Answer: C
Explanation: * Multi-tenancy
Infrastructure as a Service is very similar to what we've known as hosting or collocation services, just painted with bright cloudy colors. Multi-tenant services are any services that you offer to multiple customers, or "tenants." In most cases, IaaS and multi-tenant services mean the same thing, although you could also implement a storage- or database-related multi-tenant service.
* Hardware
In the case of IaaS the computing resource provided is specifically that of virtualised hardware, in other words, computing infrastructure.
Note: Infrastructure as a Service (IaaS) is a form of cloud computing that provides virtualized computing resources over the Internet.
References:
http://www.interoute.com/what-iaas
http://searchtelecom.techtarget.com/answer/How-do-Infrastructure-as-a-Service-and-multi-tenant-servicesdiffer
Q2. You are designing consumer compute resources in an onsite private cloud. During an assessment, you discover that the organization's IT staff wants secure access to the underlying host OS. What should be included in the design to support this requirement?
A. Host IDS configuration, Secure key infrastructure, Bridged management network
B. Perimeter firewall configuration, VPN encryption, Separate management network
C. Host OS firewall configuration, Central logging, Physically isolated management network
D. Host OS firewall configuration, Secure key infrastructure, Separate management network
Answer: B
Q3. Which categories of network traffic should be isolated from inter-host communication and each other?
A. Logging and messaging
B. Cloud services and administration
C. Administration and storage
D. Messaging and storage
Answer: B
Q4. A cloud architect is designing a hybrid cloud for an organization. A requirement for this environment is that the private cloud user credential be trusted by both cloud provisioning APIs. Which type of authentication will meet this requirement?
A. Federated authentication
B. Asymmetric encryption
C. Symmetric encryption
D. Shared-key authentication
Answer: A
Explanation: A federated identity in information technology is the means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems.
References:
https://en.wikipedia.org/wiki/Federated_identity
Q5. An organization has internal applications that require block, file, and object storage. They anticipate the need for multi-PB storage within the next 18 months. In addition, they would prefer to use commodity hardware as well as open source technologies. Which solution should be recommended?
A. Cinder
B. Hadoop
C. Swift
D. Ceph
Answer: C
Explanation: OpenStack Swift Object Storage on EMC Isilon
EMC Isilon with OneFS 7.2 now supports OpenStack Swift API. Isilon is simple to manage, highly scalable (up to 30PB+ in a single namespace) and highly efficient (80%+ storage utilization) NAS platform.
References:
http://samuraiincloud.com/2014/11/26/openstack-swift-object-storage-on-emc-isilon/
Q6. What describes the storage categories represented by OpenStack Swift and EMC XtremIO requirements?
A. Swift = Distributed Object Storage; XtremIO = Central Storage
B. Swift = Central Storage; XtremIO = Distributed File Storage
C. Swift = Distributed Block Storage; XtremIO = Distributed Object Storage
D. Swift = Distributed File Storage; XtremIO = Distributed Block Storage
Answer: A
Explanation: OpenStack Swift is a globally-distributed object storage with a single namespace that's durable enough for the most demanding private clouds and now brought to you in an easy-to-deploy/scale/manage system.
XtremIO is a flash-based Storage Array.
References:
https://www.swiftstack.com/#testimonial/2
http://www.emc.com/collateral/white-papers/h11752-intro-to-XtremIO-array-wp.pdf
Q7. A cloud architect is designing a private cloud for an organization. The organization has no existing backup infrastructure. They want to offer consumers the ability to back up virtual machine instances using image-based backups.
What should the cloud architect look for when selecting a backup application for this environment?
A. Virtual machine hardware is on the backup application vendor's compatibility list
B. Hypervisor servers' hardware is on the backup application vendor's compatibility list
C. Backup application can be integrated with the selected CMP components
D. Backup application supports a cloud gateway for accessing the cloud-based virtual machines
Answer: D
Explanation: A cloud storage gateway provides basic protocol translation and simple connectivity to allow the incompatible technologies to communicate transparently. The gateway can make cloud storage appear to be a NAS filer, a block storage array, a backup target or even an extension of the application itself.
References:
http://searchcloudstorage.techtarget.com/definition/cloud-storage-gateway
Q8. A cloud architect is evaluating an organization's need for encryption. Which type of encryption eliminates the requirement for key management?
A. Embedded
B. File-based
C. File system-based
D. Virtual disk
Answer: D
Explanation: The most convenient form of encryption is disk/volume encryption. If you have any data on an existing Virtual Machine (VM), you can easily add an encrypted disk or volume. Then, when you unmount the encrypted volume (or power off the server), as long as you don't store the encryption key on the server, your data is safe.
The drawback with this type of encryption, however, is that if your server gets compromised somehow, there is a possibility that the attacker could capture your passphrase/key (and/or data) the next time you mount the disk image.
Incorrect:
Not C: Filesystem-level encryption, often called file/folder encryption, is a form of disk encryption where individual files or directories are encrypted by the file system itself. Each file can be and usually is encrypted with a separate encryption key.
References:
https://www.cloudsigma.com/securing-your-data-in-the-cloud-with-encryption/
Q9. An organization wants to provide backup services in the cloud. They have no backup infrastructure in place. The organization has concerns about losing data if a site disaster occurs. They want to maintain control of backup data placement because of data privacy laws. Finally, they want to maintain at least one month's worth of backups onsite. Which backup solution will meet these requirements?
A. Local backup
B. Remote backups
C. Local backup with replication
D. Local backups with cloud gateway
Answer: D
Explanation: Cloud gateway allows EMC customers to move on-premise data from EMC arrays to public cloud storage providers. Cloud gateways facilitate data migration from on-premises to a public cloud storage service to create a true hybrid cloud storage environment.
Cloud gateways such as Riverbed's SteelStore (formerly known as Whitewater) can act as a local backup target for funneling data to a storage cloud for offsite storage.
References:
http://blogs.forrester.com/henry_baltazar/14-07-09-gateways_will_accelerate_data_migration_to_the_cloud
Q10. Which additional considerations must a cloud monitoring system address compared to a traditional monitoring system?
A. Tenant isolation, orchestration, and elastic workloads
B. Orchestration, elastic workloads, and Data at Rest security
C. Elastic workloads, Data at Rest security, and tenant isolation
D. Data at Rest security, tenant isolation, and orchestration
Answer: C
Explanation: * Encrypt data-at-rest
Encryption is your front-line defense for defending data-at-rest. It limits access to those with the right keys - locking out anyone who doesn't have them.