E20-020 Exam - Cloud Infrastructure Specialist Exam for Cloud Architects

certleader.com

Q1. An organization wants to deploy SaaS applications in their cloud. The SaaS applications will be using application HA to maintain up-time levels of 99.9%.

What should the cloud architect include in the design to support this up-time requirement?

A. Sufficient host capacity

B. Quorum disks

C. Replication licenses for hypervisors

D. HA licenses for hypervisors

Answer:

Q2. A company wants to build an IaaS cloud to host cloud-native applications. On which areas should a cloud architect focus when gathering requirements for this cloud design?

A. Automation, multi-tenancy, and hardware availability

B. Automation, hardware availability, and policy compliance

C. Hardware availability, policy compliance, and multi-tenancy

D. Policy compliance, automation, and multi-tenancy

Answer: C

Explanation:

* Multi-tenancy

Infrastructure as a Service is very similar to what we've known as hosting or collocation services, just painted with bright cloudy colors. Multi-tenant services are any services that you offer to multiple customers, or "tenants." In most cases, IaaS and multi-tenant services mean the same thing, although you could also implement a storage- or database-related multi-tenant service.

* Hardware

In the case of IaaS the computing resource provided is specifically that of virtualised hardware, in other words, computing infrastructure.

Note: Infrastructure as a Service (IaaS) is a form of cloud computing that provides virtualized computing resources over the Internet.

References:

http://www.interoute.com/what-iaas

http://searchtelecom.techtarget.com/answer/How-do-Infrastructure-as-a-Service-and-multi-tenant-servicesdiffer

Q3. In addition to the operating system, what other components does the consumer manage in an IaaS cloud service model?

A. Application, data, storage, and physical networking

B. Data, middleware, application, and runtime

C. Runtime, physical servers, application, and middleware

D. Middleware, runtime, hypervisor, and application

Answer: B

Explanation: In the case of IaaS the computing resource provided is specifically that of virtualised hardware, in other words, computing infrastructure.

IaaS clouds often offer additional resources such as a virtual-machine disk-image library, raw block storage, file or object storage, firewalls, load balancers, IP addresses, virtual local area networks (VLANs), and software bundles.

Figure: Cloud-computing layers accessible within a stack

Incorrect:

Not A: Not physical networking.

Not C: Not physical servers.

Not D: Not hypervisors.

References: http://www.interoute.com/what-iaas

Q4. An organization plans to build a cloud using some of the existing data center infrastructure. Specifically, they want to use the existing FC storage infrastructure to support cloud hosts. However, they want to logically separate the cloud storage traffic from the existing data center storage traffic within this infrastructure. Which mechanism can be used to meet this requirement?

A. MPIO

B. VLAN

C. VSAN

D. Masking

Answer: D

Explanation: The use of VSANs allows the isolation of traffic within specific portions of the network. If a problem occurs in one VSAN, that problem can be handled with a minimum of disruption to the rest of the network. VSANs can also be configured separately and independently.

Note: A virtual storage area network (VSAN) is a collection of ports from a set of connected Fibre Channel switches that form a virtual fabric. Ports within a single switch can be partitioned into multiple VSANs, despite sharing hardware resources. Conversely, multiple switches can join a number of ports to form a single VSAN.

Incorrect:

Not A: Microsoft Multipath I/O (MPIO) is a Microsoft-provided framework that allows storage providers to develop multipath solutions that contain the hardware-specific information needed to optimize connectivity with their storage arrays.

MPIO is protocol-independent and can be used with Fibre Channel, Internet SCSI (iSCSI), and Serial Attached SCSI (SAS) interfaces in Windows Server® 2008, Windows Server 2008 R2 and Windows Server 2012.

Not D: Logical Unit Number Masking or LUN masking is an authorization process that makes a Logical Unit Number available to some hosts and unavailable to other hosts. LUN masking operates at Layer 4 of the Fibre Channel protocol.

Reference: https://en.wikipedia.org/wiki/VSAN

Q5. An organization plans to deploy a spine/leaf network topology to support a cloud design. Leaf switches will use layer-3 protocols to communicate with the spine switches. Hosts will each connect to two leaf switches using layer-2 protocols.

Which technology must be enabled between the host and leaf switches to provide the maximum throughput for a single data stream?

A. Generic Network Virtualization Encapsulation

B. Spanning Tree Protocol

C. Equal-Cost Multi-Path Routing

D. Multi-Chassis Aggregation

Answer: A

Explanation: Generic Network Virtualization Encapsulation (Geneve) is the peacemaking protocol drafted to unify VXLAN, NVGRE, and whatever other tunneling protocols emerge for network virtualization. Geneve doesn't exactly replace VXLAN and other protocols. Rather, it provides a common superset among them, so that outside software can provide hooks to Geneve rather than having to accommodate multiple encapsulation standards.

Note: NVGRE (Network Virtualization using Generic Routing Encapsulation) is a network virtualization technology that attempts to alleviate the scalability problems associated with large cloud computing deployments. It uses Generic Routing Encapsulation (GRE) to tunnel layer 2 packets over layer 3 networks. Its principal backer is Microsoft.

References:

https://www.sdxcentral.com/articles/news/intel-supports-geneve-unify-vxlan-nvgre/2014/09/

Q6. In a cloud design, an architect has defined a separate trust zone for host management. The hosts will be running open source hypervisors.

What should be included in the design deliverables to support this separate trust zone?

A. Isolated management network and a common super-user account

B. Separate PKI and encrypted CMI portal access

C. Separate authentication source and a preferred zone set

D. Isolated management network and a separate authentication source

Answer:

Q7. An organization has internal applications that require block, file, and object storage. They anticipate the need for multi-PB storage within the next 18 months. In addition, they would prefer to use commodity hardware as well as open source technologies. Which solution should be recommended?

A. Cinder

B. Hadoop

C. Swift

D. Ceph

Answer: C

Explanation: OpenStack Swift Object Storage on EMC Isilon

EMC Isilon with OneFS 7.2 now supports OpenStack Swift API. Isilon is simple to manage, highly scalable (up to 30PB+ in a single namespace) and highly efficient (80%+ storage utilization) NAS platform.

References:

http://samuraiincloud.com/2014/11/26/openstack-swift-object-storage-on-emc-isilon/

Q8. An organization plans to build a cloud using some of the existing data center infrastructure. Specifically, they want to use the existing FC storage infrastructure to support cloud hosts. However, they want to logically separate the cloud storage traffic from the existing data center storage traffic within this infrastructure. Which mechanism can be used to meet this requirement?

A. MPIO

B. VLAN

C. VSAN

D. Masking

Answer: D

Explanation: The use of VSANs allows the isolation of traffic within specific portions of the network. If a problem occurs in one VSAN, that problem can be handled with a minimum of disruption to the rest of the network. VSANs can also be configured separately and independently.

Note: A virtual storage area network (VSAN) is a collection of ports from a set of connected Fibre Channel switches that form a virtual fabric. Ports within a single switch can be partitioned into multiple VSANs, despite sharing hardware resources. Conversely, multiple switches can join a number of ports to form a single VSAN.

Incorrect:

Not A: Microsoft Multipath I/O (MPIO) is a Microsoft-provided framework that allows storage providers to develop multipath solutions that contain the hardware-specific information needed to optimize connectivity with their storage arrays.

MPIO is protocol-independent and can be used with Fibre Channel, Internet SCSI (iSCSI), and Serial Attached SCSI (SAS) interfaces in Windows Server® 2008, Windows Server 2008 R2 and Windows Server 2012.

Not D: Logical Unit Number Masking or LUN masking is an authorization process that makes a Logical Unit Number available to some hosts and unavailable to other hosts. LUN masking operates at Layer 4 of the Fibre Channel protocol.

Reference: https://en.wikipedia.org/wiki/VSAN

Q9. A cloud architect is evaluating an organization's need to support thousands of virtual machine instances and some form of encryption. Which encryption type should be selected and why?

A. Storage array encryption to provide centralized management

B. Full file systems encryption to simplify key management

C. Network-based encryption to increase security at the cost of server overhead

D. Self-encrypting storage devices to increase security at the cost of increased overhead

Answer:

Q10. Which additional considerations must a cloud monitoring system address compared to a traditional monitoring system?

A. Tenant isolation, orchestration, and elastic workloads

B. Orchestration, elastic workloads, and Data at Rest security

C. Elastic workloads, Data at Rest security, and tenant isolation

D. Data at Rest security, tenant isolation, and orchestration

Answer: C

Explanation:

* Encrypt data-at-rest

Encryption is your front-line defense for defending data-at-rest. It limits access to those with the right keys - locking out anyone who doesn't have them.