Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. An organization wants to deploy a service catalog in a private cloud. What requirements are met by using a service catalog?
A. Ability for administrators to manage multi-tenancy
B. Ability for users to measure service performance
C. Ability for users to aggregate service logs
D. Ability for administrators to attach storage pools
Answer: B
Explanation: Benefits of implementing and maintaining a service catalog include allowing an enterprise to track and manage metrics that represent the utilization of services and service-related traits, such as those associated with service supply and demand.
References:
https://en.wikipedia.org/wiki/Service_catalog
Q2. A cloud architect is designing a private cloud for an organization. The organization has no existing backup infrastructure. They want to offer consumers the ability to backup virtual machine instances using image-based backups.
What should the cloud architect look for when selecting a backup application for this environment?
A. Virtual machine hardware is on the backup application vendor's compatibility list
B. Hypervisor servers' hardware is on the backup application vendor's compatibility list
C. Backup application can be integrated with the selected CMP components
D. Backup application supports a cloud gateway for accessing the cloud-based virtual machines
Answer: D
Explanation: A cloud storage gateway provides basic protocol translation and simple connectivity to allow the incompatible technologies to communicate transparently. The gateway can make cloud storage appear to be a NAS filer, a block storage array, a backup target or even an extension of the application itself.
Explanation: References:
http://searchcloudstorage.techtarget.com/definition/cloud-storage-gateway
Q3. An organization has internal applications that require block, file, and object storage. They anticipate the need for multi-PB storage within the next 18 months. In addition, they would prefer to use commodity hardware as well as open source technologies. Which solution should be recommended?
A. Cinder
B. Hadoop
C. Swift
D. Ceph
Answer: C
Explanation: OpenStack Swift Object Storage on EMC Isilon
EMC Isilon with OneFS 7.2 now supports OpenStack Swift API. Isilon is simple to manage, highly scalable (up to 30PB+ in a single namespace) and highly efficient (80%+ storage utilization) NAS platform.
Explanation: References:
http://samuraiincloud.com/2014/11/26/openstack-swift-object-storage-on-emc-isilon/
Q4. An architect is designing the compute resource pools for a cloud. As part of the deliverables, the architect has included the standard specifications for the physical servers to be used. The organization has provided estimates for future growth but has concerns about whether these estimates are accurate. What should be included in the design to address these concerns?
A. A monitoring application and procedures for pool expansion
B. A chargeback application and orchestration workflows to auto-scale pools
C. A metering application and orchestration workflows to auto-scale pools
D. A configuration management application and procedures for pool expansion
Answer: A
Q5. An organization wants to deploy a service catalog in a private cloud. What requirements are met by using a service catalog?
A. Ability for administrators to manage multi-tenancy
B. Ability for users to measure service performance
C. Ability for users to aggregate service logs
D. Ability for administrators to attach storage pools
Answer: B
Explanation: Benefits of implementing and maintaining a service catalog include allowing an enterprise to track and manage metrics that represent the utilization of services and service-related traits, such as those associated with service supply and demand.
References:
https://en.wikipedia.org/wiki/Service_catalog
Q6. What describes the storage categories represented by OpenStack Swift and EMC XtremIO requirements?
A. Swift = Distributed Object StorageXtremIO = Central Storage
B. Swift = Central Storage XtremIO = Distributed File Storage
C. Swift = Distributed Block StorageXtremIO = Distributed Object Storage
D. Swift = Distributed File StorageXtremIO = Distributed Block Storage
Answer: A
Explanation: OpenStack Swift is a globally-distributed object storage with a single namespace that's durable enough for the most demanding private clouds and now brought to you in an easy-to-deploy/scale/manage system.
XtremIO is a flash-based Storage Array. Explanation:
References:
https://www.swiftstack.com/#testimonial/2 http://www.emc.com/collateral/white-papers/h11752-intro-to-XtremIO- array-wp.pdf
Q7. An organization wants to provide backup services in the cloud. They have no backup infrastructure in place. The organization has concerns about losing data if a site disaster occurs. They want to maintain control of backup data placement because of data privacy laws. Finally, they want to maintain at least one month's worth of backups onsite. Which backup solution will meet these requirements?
A. Local backup
B. Remote backups
C. Local backup with replication
D. Local backups with cloud gateway
Answer: D
Explanation: Cloud gateway allows EMC customers to move on-premise data from EMC arrays to public cloud storage providers. Clod gateway facilitate data migration from on-premises to a public cloud storage service to create a true hybrid cloud storage environment.
Cloud gateways such as Riverbed's SteelStore (formally known as Whitewater) can act as a local backup target for funneling data to a storage cloud for offsite storage.
Explanation: References:
http://blogs.forrester.com/henry_baltazar/14-07-09-gateways_will_accelerate_data_migration_to_the_cloud
Q8. A cloud architect is evaluating an organization's need for encryption. Which type of encryption eliminates the requirement for key management?
A. Embedded
B. File-based
C. File system-based
D. Virtual disk
Answer: D
Explanation: The most convenient form of encryption is disk/volume encryption. If you have any data on an existing Virtual Machine (VM), you can easily add an encrypted disk or volume. Then, when you unmount the encrypted volume (or power off the server), as long as you don't store the encryption key on the server, your data is safe.
The drawback with this type of encryption however is that if your server gets compromised somehow, there is a possibility that the attacker could capture your passphrase/key (and/or data) the next time you mount the disk image. Incorrect:
Not C: Filesystem-level encryption, often called file/folder encryption, is a form of disk encryption where individual files or directories are encrypted by the file system itself. Each file can be and usually is encrypted with a separate encryption key.
Explanation: References:
https://www.cloudsigma.com/securing-your-data-in-the-cloud-with-encryption/
Q9. In addition to the operating system, what other components does the consumer manage in an IaaS cloud service model?
A. Application, data, storage, and physical networking
B. Data, middleware, application, and runtime
C. Runtime, physical servers, application, and middleware
D. Middleware, runtime, hypervisor, and application
Answer: B
Explanation: In the case of IaaS the computing resource provided is specifically that of virtualised hardware, in other words, computing infrastructure.
IaaS clouds often offer additional resources such as a virtual-machine disk-image library, raw block storage, file or object storage, firewalls, load balancers, IP addresses, virtual local area networks (VLANs), and software bundles. Figure: Cloud-computing layers accessible within a stack
Incorrect:
Not A: not Physical networking not C: Not physical servers. Not D: Not Hypervisors. Explanation:
References: http://www.interoute.com/what-iaas
Q10. An organization wants to include performance monitoring in their cloud environment. However, they want to minimize the number of accounts and passwords that must be created on target devices and sent across the network. Which monitoring solution should a cloud architect recommend to meet this requirement?
A. Proxy
B. Agent-based
C. Agentless
D. Central
Answer: D
Q11. A company wants to build an IaaS cloud to host cloud-native applications. On which areas should a cloud architect focus when gathering requirements for this cloud design?
A. Automation, multi-tenancy, and hardware availability
B. Automation, hardware availability, and policy compliance
C. Hardware availability, policy compliance, and multi-tenancy
D. Policy compliance, automation, and multi-tenancy
Answer: C
Explanation: * Multi-tenancy
Infrastructure as a Service is very similar to what we've known as hosting or collocation services, just painted with bright cloudy colors. Multi-tenant services are any services that you offer to multiple customers, or "tenants." In most cases, IaaS and multi-tenant services mean the same thing, although you could also implement storage- or database- related multi-tenant service.
* Hardware
In the case of IaaS the computing resource provided is specifically that of virtualised hardware, in other words, computing infrastructure.
Note: Infrastructure as a Service (IaaS) is a form of cloud computing that provides virtualized computing resources over the Internet.
Explanation: References:
http://www.interoute.com/what-iaas
http://searchtelecom.techtarget.com/answer/How-do-Infrastructure-as-a-Service-and-multi-tenant-servicesdiffer
Q12. Which additional considerations must a cloud monitoring system address compared to a traditional monitoring system?
A. Tenant isolation, orchestration, and elastic workloads
B. Orchestration, elastic workloads, and Data at Rest security
C. Elastic workloads, Data at Rest security, and tenant isolation
D. Data at Rest security, tenant isolation, and orchestration
Answer: C
Explanation: * Encrypt data-at-rest
Encryption is your front-line defense for defending data-at-rest. It limits access to those with the right keys - locking out anyone who doesn't have them.
Q13. An organization wants to provide its developers with the ability to deploy virtual machines. These virtual machines have software and libraries installed that are used to develop applications. Each virtual machine will be configured with the same IP address and will be able to download application code from a central server. Which will be included in the design to support these requirements?
A. VSANs and virtual firewall appliances
B. VLANs and virtual firewall appliances
C. VLANs and virtual IDS appliances
D. VXLANs and an OS firewall
Answer: D
Explanation: Virtual Extensible LAN (VXLAN) is a proposed encapsulation protocol for running an overlay network on existing Layer 3 infrastructure. An overlay network is a virtual network that is built on top of existing network Layer 2 and Layer 3 technologies to support elastic compute architectures. VXLAN will make it easier for network engineers to scale out a cloud computing environment while logically isolating cloud apps and tenants.
Explanation: References:
http://whatis.techtarget.com/definition/VXLAN
Q14. A cloud architect has determined that the cloud management infrastructure requires an authentication and PKI environment. In addition, each tenant will require its own authentication and PKI environment. What describes these separate environments in a cloud design document?
A. Availability zones
B. Fault domains
C. Multi-tenancy
D. Trust zones
Answer: C
Explanation: The term "software multitenancy" refers to a software architecture in which a single instance of software runs on a server and serves multiple tenants. A tenant is a group of users who share a common access with specific privileges to the software instance.
Incorrect:
Not A: Availability zones (AZs) are isolated locations within data center regions from which public cloud services originate and operate.
Not B: A fault domain is a set of hardware components - computers, switches, and more - that share a single point of failure.
Not D: Zones of trust are a defined area of the system where by by necessity, by the presence of key information assets and by the wider environmental context the connections within the zone are treated as at the same level of trust. This effectively couples the components within that subsystem for security purposes.
References:
https://en.wikipedia.org/wiki/Multitenancy
Q15. Which categories of network traffic should be isolated from inter-host communication and each other?
A. Logging and messaging
B. Cloud services and administration
C. Administration and storage
D. Messaging and storage
Answer: B
Q16. An organization plans to deploy many cloud-native applications that will generate a considerable amount of east-west traffic. The cloud-native applications will be deployed on hosts running hyppervisors. Why would distributed routers be considered in this design?
A. Enable network segment
B. Improve network performance between hosts
C. Minimize Internet traffic
D. Protect against a physical router failure
Answer: B
Explanation: Distributed Virtual Router (DVR) aims to isolate the failure domain of the traditional network node and to optimize network traffic by eliminating the centralized L3 agent. It does that by moving most of the routing previously performed on the network node to the compute nodes.
* East/west traffic (Traffic between different networks in the same tenant, for example between different tiers of your app) previously all went through one of your network nodes whereas with DVR it will bypass the network node, going directly between the compute nodes hosting the VMs. Etc. Explanation:
References:
http://assafmuller.com/2015/04/15/distributed-virtual-routing-overview-and-eastwest-routing/
Q17. When implementing QoS across a cloud network, how is storage traffic usually prioritized?
A. Most important
B. More important than tenant traffic but less important than management traffic
C. More important than management traffic but less important than tenant traffic
D. Least improtant
Answer: C
Q18. An organization plans to build a cloud using some of the existing data center infrastructure. Specifically, they want to use the existing FC storage infrastructure to support cloud hosts. However, they want to logically separate the cloud storage traffic from the existing data center storage traffic within this infrastructure. Which mechanism can be used to meet this requirement?
A. MPIO
B. VLAN
C. VSAN
D. Masking
Answer: D
Explanation: The use of VSANs allows the isolation of traffic within specific portions of the network. If a problem occurs in one VSAN, that problem can be handled with a minimum of disruption to the rest of the network. VSANs can also be configured separately and independently.
Note: Virtual storage area network (VSAN) is a collection of ports from a set of connected Fibre Channel switches, that form a virtual fabric. Ports within a single switch can be partitioned into multiple VSANs, despite sharing hardware resources. Conversely, multiple switches can join a number of ports to form a single VSAN.
Incorrect:
Not A: Microsoft Multipath I/O (MPIO) is a Microsoft-provided framework that allows storage providers to develop multipath solutions that contain the hardware-specific information needed to optimize connectivity with their storage arrays.
MPIO is protocol-independent and can be used with Fibre Channel, Internet SCSI (iSCSI), and Serial Attached SCSI (SAS) interfaces in Windows Server® 2008, Windows Server 2008 R2 and Windows Server 2012.
Not D: Logical Unit Number Masking or LUN masking is an authorization process that makes a Logical Unit Number available to some hosts and unavailable to other hosts. LUN masking operates at Layer 4 of the Fibre Channel protocol.
Reference: https://en.wikipedia.org/wiki/VSAN