Q1. In addition to the operating system, what other components does the consumer manage in an IaaS cloud service model?
A. Application, data, storage, and physical networking
B. Data, middleware, application, and runtime
C. Runtime, physical servers, application, and middleware
D. Middleware, runtime, hypervisor, and application
Answer: B
Explanation: In the case of IaaS the computing resource provided is specifically that of virtualised hardware, in other words, computing infrastructure.
IaaS clouds often offer additional resources such as a virtual-machine disk-image library, raw block storage, file or object storage, firewalls, load balancers, IP addresses, virtual local area networks (VLANs), and software bundles.
Figure: Cloud-computing layers accessible within a stack
Incorrect:
Not A: Not physical networking.
Not C: Not physical servers.
Not D: Not hypervisors.
References: http://www.interoute.com/what-iaas
Q2. Which aspect of the project definition does the cloud design scope provide?
A. Broad directions for the project
B. Boundaries of what the project should and should not include
C. Sales figures that must be met when designing the project
D. Specific features or functions that must be included in the project
Answer: D
Q3. A cloud architect is designing a hybrid cloud for an organization. A requirement for this environment is that the private cloud user credential be trusted by both cloud provisioning APIs. Which type of authentication will meet this requirement?
A. Federated authentication
B. Asymmetric encryption
C. Symmetric encryption
D. Shared-key authentication
Answer: A
Explanation: A federated identity in information technology is the means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems.
References:
https://en.wikipedia.org/wiki/Federated_identity
Q4. An organization plans to deploy many cloud-native applications that will generate a considerable amount of east-west traffic. The cloud-native applications will be deployed on hosts running hypervisors. Why would distributed routers be considered in this design?
A. Enable network segment
B. Improve network performance between hosts
C. Minimize Internet traffic
D. Protect against a physical router failure
Answer: B
Explanation: Distributed Virtual Router (DVR) aims to isolate the failure domain of the traditional network node and to optimize network traffic by eliminating the centralized L3 agent. It does that by moving most of the routing previously performed on the network node to the compute nodes.
* East/west traffic (traffic between different networks in the same tenant, for example between different tiers of your app) previously all went through one of your network nodes, whereas with DVR it will bypass the network node, going directly between the compute nodes hosting the VMs.
References:
http://assafmuller.com/2015/04/15/distributed-virtual-routing-overview-and-eastwest-routing/
Q5. What needs to be considered when designing a distributed storage solution?
A. Multiple management tools
B. Fault domain detection and isolation to ensure data availability
C. RAID configuration to ensure a drive failure is avoided
D. Automated storage tiering to enable efficient use of drive
Answer: B
Explanation: A distributed data store is a computer network where information is stored on more than one node, often in a replicated fashion. Distributed data stores typically use an error detection and correction technique. Some distributed data stores (such as Parchive over NNTP) use forward error correction techniques to recover the original file when parts of that file are damaged or unavailable. Others try again to download that file from a different mirror.
References: https://en.wikipedia.org/wiki/Distributed_data_store
Q6. A cloud architect has determined that the cloud management infrastructure requires an authentication and PKI environment. In addition, each tenant will require its own authentication and PKI environment. What describes these separate environments in a cloud design document?
A. Availability zones
B. Fault domains
C. Multi-tenancy
D. Trust zones
Answer: C
Explanation: The term "software multitenancy" refers to a software architecture in which a single instance of software runs on a server and serves multiple tenants. A tenant is a group of users who share a common access with specific privileges to the software instance.
Incorrect:
Not A: Availability zones (AZs) are isolated locations within data center regions from which public cloud services originate and operate.
Not B: A fault domain is a set of hardware components - computers, switches, and more - that share a single point of failure.
Not D: Zones of trust are a defined area of the system whereby, by necessity, by the presence of key information assets, and by the wider environmental context, the connections within the zone are treated as at the same level of trust. This effectively couples the components within that subsystem for security purposes.
References:
https://en.wikipedia.org/wiki/Multitenancy
Q7. What needs to be considered when designing a distributed storage solution?
A. Multiple management tools
B. Fault domain detection and isolation to ensure data availability
C. RAID configuration to ensure a drive failure is avoided
D. Automated storage tiering to enable efficient use of drive
Answer: B
Explanation: A distributed data store is a computer network where information is stored on more than one node, often in a replicated fashion. Distributed data stores typically use an error detection and correction technique. Some distributed data stores (such as Parchive over NNTP) use forward error correction techniques to recover the original file when parts of that file are damaged or unavailable. Others try again to download that file from a different mirror.
References: https://en.wikipedia.org/wiki/Distributed_data_store
Q8. In a cloud design, an architect has defined a separate trust zone for host management. The hosts will be running open source hypervisors.
What should be included in the design deliverables to support this separate trust zone?
A. Isolated management network and a common super-user account
B. Separate PKI and encrypted CMI portal access
C. Separate authentication source and a preferred zone set
D. Isolated management network and a separate authentication source
Answer: D
Q9. An architect is designing the compute resource pools for a cloud. As part of the deliverables, the architect has included the standard specifications for the physical servers to be used. The organization has provided estimates for future growth but has concerns about whether these estimates are accurate. What should be included in the design to address these concerns?
A. A monitoring application and procedures for pool expansion
B. A chargeback application and orchestration workflows to auto-scale pools
C. A metering application and orchestration workflows to auto-scale pools
D. A configuration management application and procedures for pool expansion
Answer: A
Q10. An organization wants to provide its developers with the ability to deploy virtual machines. These virtual machines have software and libraries installed that are used to develop applications. Each virtual machine will be configured with the same IP address and will be able to download application code from a central server. Which will be included in the design to support these requirements?
A. VSANs and virtual firewall appliances
B. VLANs and virtual firewall appliances
C. VLANs and virtual IDS appliances
D. VXLANs and an OS firewall
Answer: D
Explanation: Virtual Extensible LAN (VXLAN) is a proposed encapsulation protocol for running an overlay network on existing Layer 3 infrastructure. An overlay network is a virtual network that is built on top of existing network Layer 2 and Layer 3 technologies to support elastic compute architectures. VXLAN will make it easier for network engineers to scale out a cloud computing environment while logically isolating cloud apps and tenants.
References:
http://whatis.techtarget.com/definition/VXLAN