Veeam Certified Architect VMCA_v12 Dumps (V8.02) – Designed for Your Veeam Certified Architect (VMCA) Exam Success on the First Attempt

1. When deciding on the design of the primary backup repository, which option best fits the requirements in the case study?

2. The decision has been made to separate out proxies for gold tier and silver/bronze tier.

Which reason below justifies the decision?

3. Looking at the existing error, you suspect that most of the issues could be resolved with different repositories. Assuming the repositories will be able to accomplish much higher throughput, what new issue might come up?

4. Based on the requirements, what should be factored into the physical design when implementing backup copy jobs between sites?

5. What information related to sizing the NAS infrastructure is missing and must be collected during the discovery? (Choose 2)

6. Based on Customer requirements, how should virtual machine backups be scoped? (Choose 2)

7. What information is missing form discovery?

8. 1. Topic 1, Veeam Life and Indemnity

Executive Summary:

Veeam Life and Indemnity is expanding its existing Veeam backup infrastructure to protect additional virtual machines, physical server and NAS workloads at their Fresno, CA and Carson City, NY data centers.

The original installation and configuration of Veeam software occurred two years ago. Since the installation, the organization has grown, and as a result, the Veeam Infrastructure needs to be resized to accommodate the existing and new workloads.

For the past three months, Veeam Life and Indemnity has noticed that they are having issues with backups completing within the allotted backup window. Only 40% of backup jobs complete successfully, so they have broken the backups into two sets, and they run them on alternating days. They have also stopped all backups for their development environment.

In addition, the original configuration required a daily backup copy job, but to the issue with backups completing, this has been modified to run only on Sundays.

They have also noticed a degradation in storage performance and are having to purchase new storage on a quarterly basis to accommodate data growth.

Solution Concept:

Veeam Life and Indemnity is upgrading Veeam Backup & Replication to the last version. They are also replacing all legacy physical hardware and storage with current generation equipment. Veeam Life and Indemnity wants to be able to ensure that all backups, including production and dev test workloads, can run every night and that all backups complete within the required backup window. In addition, Veeam Life and Indemnity would like to run daily copy jobs to ensure that a copy of all backed up data resides at both physical sites.

Veeam Life and Indemnity has also expressed concern about the threat of ransomware. They have not experienced a data breach of any kind but would like to ensure the ability of recover should one occur.

Existing Technical Environment:

Veeam Life and Indemnity has VMware clusters in all locations.

These clusters are broken into two categories:

general use virtual workloads, and application specific workloads, such as MSSQL and Oracle.

All customer data is subject to government regulation and must be kept secure at all times.

Veeam Life and Indemnity has a proprietary CRM system that must be quiesced prior to backup.

All email is hosted in Office 365.

All database servers are virtualized.

All virtual machines are categorized as either gold, silver, or bronze, with different service-level agreements based on tier.

All backups currently encrypted in flight and at rest.

Internet connectivity at both sites is current 1 Gbps, with plans to increase to 2 Gbps soon.

All field sales reps are assigned a company laptop that runs a CRM client.

The LAN at each location supports up to 40 Gbps bandwidth.

All backups are currently written to Scaled-out Backup Repositories with each extent residing on a CIFS share.

Each department has its own vLAN, with a total of 30 vLANs for production traffic.

A single management vLAN is stretched between sites.

All unstructured data resides either on 10 NFS shares on the company’s incumbent NAS devices, or Windows file servers as file shares.

VMware uses vSAN for VM datastores.

All vLAN must traverse a firewall to communicate, and the backup network itself is no routable.

All network traffic between clusters is required to traverse a firewall.

The firewall devices can support up to 20 Gbps.

Business Requirements:

Due to limited manpower, all backups should be dynamically scope.

All backups must be copied across site outside of the current backup window to avoid any backup performance issues.

Due to the sensitivity of customer data, tier 1 helpdesk personnel must not be able to access these backups.

They should have access to restore non-customer data.

Backup administrators are subject toa rigorous background check and should be the only staff able to perform restores of confidential customer data.

For any legal issues, fast and timely discovery from backup data should be supported.

For security purposes, all storage should be hardened to prevent data breaches.

Remote sales staff should have the ability to start a backup oh their devices.

Due to regulatory requirements, audits must be performed periodically to ensure successful and consistent backups, as well adherence to security policies.

Technical Requirements:

All backups must complete within the hours of 5 p.m. to 8 a.m. local time

Backup copy jobs must successfully complete daily outside of the backup window.

Gold tier virtual machines have a recovery point objective of the one hour for image backup, and 15 minutes for traction log backup, with a recovery time objective of four hours.

Silver tier virtual machines have a recovery point objective of 24 hours, with a recovery time objective of eight hours.

Bronze tier virtual machines have a recovery point objective of seven days, with no defined recovery time objective.

NAS devices and file servers have a recovery point objective of four hours, with no specified recovery time objective.

Eight weekly backup, three monthly backups, and seven yearly backups should be retained for regulatory requirements.

All data must be encrypted in flight and rest.

Alternative decryption capabilities on encrypted backups must be possible in the event of lost passwords.

Role Based Access Control must be used to prevent unauthorized access to backup data.

New storage must be hardened to prevent intrusion, and if possible, the data written must be unchangeable to prevent ransomware attacks.

All backups must be scanned prior to any restore operations for malware.

All gold level systems must have a custom script run before restore to ensure compliance to specific legal statutes.

Gold tier backups must be tested to verify recoverability.

Only silver tier systems should be indexed during backups, with the exception of laptops belonging to the sales field.

All personal files on laptops should be excluded from backup All MSSQL server backups should exclude the H: drive.

In order to improve the likelihood that a ransomware attack on the Veeam infrastructure will not be successful, which of the following should Veeam Life and Indemnity do?

9. Based on the customer Windows and Linux file server backup requirements, which component will help them meet their stated objectives?

10. You are examining the requirement: “If possible, the data written must be unchangeable to prevent ransomware attacks.”

Which types of jobs do not support using immutability from S3 Object Lock or hardened repositories? (Choose two)

11. Based on customer recovery requirements, which component will help them meet their stated objectives?

12. Based on the customer’s security requirements around restore capabilities, which components should be deployed?

13. To demonstrate SLA compliance during audits and protection against exposure to personally identifiable information, which configuration would verify this is possible in the event of exposure?

14. During a proof of concept deployment at Veeam University Hospital, it is noted that only some of the backup files in a specific Scale-out Backup Repository are immutable.

What can cause this behavior?

15. The company has committed to providing the numbers for source in-use data for gold tier virtual machines.

In order to attempt to collect metrics for hourly gold tier backups, which of the following additional metrics are need for proxy sizing?

16. During Veeam deployment, Veeam Life and Indemnity has determined that the latency encountered during backup of the virtualized MSSQL Server database running on vSAN is too high.

What is the recommended step Veeam Life and Indemnity can take to improve this?

17. Gold tier virtual machines have a recovery point objective of one hour for image backup.

Which transport mode could you use during the redesign? (Choose 2)

18. The customer has asked you to review their existing backup storage. Jobs show the target is the bottleneck.

What steps should you take to improve performance?

19. Based on the customer’s hardening requirements, what steps should be taken to correct the storage configuration?

20. Based on the requirements, and the assumption that Veeam University Hospital will keep their existing backup storage, which answer describes which components are needed for the on-premises design?

21. What can be done to validate that the design meets target SLAs and does not exceed repository growthprotections?

22. The customer has expressed concerns based on their technical requirements regarding the gold tier virtual machines and the recoverability of backup files.

How can the recoverability testing be accomplished to meet the customer’s requirements?

23. During deeper technical discovery it was uncovered that that the customer also has a Fibre Channel SAN that needs protection. Veeam University Hospital asks about the option of performing backup from storage snapshots.

What component(s) will this require?

24. Veeam Life and Indemnity informs you that they have experienced issues with the time to back up file data from the existing legacy NAS backup. The NAS is being backed up at file level with a low change rate. The source capacity to back up is 12 TB connected to a 10 GbE switch over eight hours.

What assumptions about the current environment could you draw from this?

25. The customer states that Veeam Backup & Replication is on the production domain.

What direct risks does this present?

26. Based on additional discovery, it was determined that a few critical workloads need to maintain a less than five-minute recovery point objective.

Which of the following would be the recommended method to replicate VMware virtual machines?

27. What is the retention requirement for gold tier virtual machines?

28. The customer has stated that they plan on purchasing new physical server component and repository storage.

What additional information is needed to define the implementation process later?

29. While examining the requirements for offsite copies and archives, you notice that it might be assumed that the offsite copies should only go to a cloud provider that supports immutability.

Which of the stated requirements needs additional information to help clarity the customer expectation?

30. During the deployment, Veeam University Hospital management has asked that the backup window be shortened to eight hours.

What is a possible ramification of this change?

31. What information is necessary to design the disaster recovery solution and must be identified during discovery? (Choose 3)

32. While reviewing the technical requirements for gold tier backups requiring periodic backups every hour, you determine this goes against one of the other requirements and you need to get clarification on which on has priority.

Which of the following does the recovery point objective requirement directly conflict with?

33. During further discussions, the 3-2-1 rule was recommended.

What is the most efficient way to protect primary and secondary sites following the 3-2-1 rule?

34. Which type of backup job will you need more informacion on to properly plan backup copy job settings later to make sure you are creating the required number of restore point per day offsite?

35. During architecture planning, Veeam Life and Indemnity decides that recovery point objective of gold tier machines should change from one hour to three hours with daily retention set to seven days.

What will be impact on the Veeam design?

36. Based on the requirements, what is the recommended storage option for the backups kept on-premises?

37. You are trying to determine which feature would work the reliably for excluding the H: drive on MSSQL server virtual machines. The MSSQL servers are built on demand, not from virtual machine templates.

Which is the preferred method to achieve this requirement?

38. Which of the following areas would benefit from additional analysis on areas mentioned in the case study? (Choose 3)

39. What information related to the virtual infrastructure is missing and must be collected during the discovery phase) (Choose 2)

40. Veeam University Hospital is considering using Veeam ONE to collect alarms from the virtual and backup infrastructure.

What option is available for integrating the solution with ticketing systems?

41. Based on additional discovery, it was determined that a few critical workloads need to maintain a less than five-minute recovery point objective.

Which of the following would be the recommended method to replicate VMware virtual machines?

42. Considering the security, throughput, and retention requirements, what would be part of an acceptable backup repository design? (Choose 2)

43. Assuming that you put the backup repositories in the backup network only, what possible issue could arise?

44. Which of the following could cause failures to meet the requirement to test gold tier backups?

45. In order to improve the likelihood that a ransomware attack on the Veeam infrastructure will not be successful, which of the following should Veeam University Hospital do?

46. Veeam University Hospital perform a proof of concept of the design outline in the architecture. Backups completed successfully, but it is determined that backup copy jobs between sites are not completing in the required timeframe. During the result analysis, it was discovered that the bandwidth between sites was heavily saturated.

What adjustments within the Veeam infrastructure would best address this issue?

47. In addition to scanning all backup for malware before restoring, what additional Veeam capabilities must be included in the conceptual design for gold level systems? (Choose 2)

48. What components can help meet the following requirement: “Alternative decryption capabilities on encrypted backups must be possible in the event of lost passwords”?

49. Topic 2, Veeam University Hospital

Executive Overview:

Veeam University Hospital is a healthcare network with located is Boston, Salt Lake City and Columbus. They are considered a pioneer in breakthrough treatments to many illnesses and recognized worldwide as a leader in their field. They have decided to modernize their data protection strategy due to new regulatory requirements as well as ever evolving malware issues. They suffereda ransomware attack recently as well, which affected several systems with patient treatment.

Furthermore, they have expressed interest in replication of virtual workloads between sites in case of a disaster to allow for timely failover between sites with would ensure continuity in the level of patient care offered.

Their board of directors is concerned that all virtual workloads at this point can be considered a single point of failure.

Veeam University Hospital has also been experiencing issues with the time required to back up NAS systems. Not only are they taking too long, the amount of space required is considered excessive, and a reduction of storage space for these backups is desired.

Veeam University Hospital had issues with the time required to restore Exchange items. The current solution will only restore entire mailboxes, and no granularity is possible.

For this implementation to be successful, backups must complete in the allotted backup window, and the recovery of data should be faster than the current solution, which can amount to 24 to 48 hours for a full system restore.

Solution Concept:

Veeam University Hospital is replacing their current backup solution Veeam. They plan to protect data at all three sites, with backups copied off-site for disaster recovery purposes. They have also expressed an interest in taking action to prevent another data lost due to ransomware. The offenders were also able to encrypt the existing backups as part of the attack, so data recovery is impossible. Veeam University Hospital is also interested in any posible public cloud technologies that might help mitigate this risk.

In addition, replication of running workloads to secondary sites will also be implemented to allow for site failover in the event of a disaster for reduced down time.

Existing Technical Environment:

Veeam University Hospital has VMware cluster in all locations. For security purposes, each cluster is dedicated to the department that it servers. No communication between cluster is possible. These cluster are broken into two categories, one hosting database workloads and the other hosting general use virtual machines.

Confidential patient data exists on several NAS systems as unstructured data. These NAS systems are only presenting backups to ensure consistency of the database.

Veeam University Hospital has an in-house patient database required a custom script to be execute before backups to ensure consistency of the database.

MSSQL and Oracle are used by most of the departments, with a mix of virtual and physical deployments.

Each site as a 10 GbE link to the public internet, and all traffic between sites is routed through these connections via VPN.

Each site has 20 vLANs in use, with 16 being used for VMware workloads.

For security and regulatory purposes, all vLANs are firewalled off from each other.

The current backups write to NFS storage.

All doctor and lab staff are assigned their laptops, which will also need to be protected. The location of data on these devices is enforced through group policy, and consistent throughout the organization.

No current disaster recovery solution, apart from restoring from backup files, exists at this time.

Business Requirements:

Any new solution must take advantage of automation and self-service functionality. Both features are needed to cut down on administrative costs. Role based access (RBAC) is mandatory. Forexample, only Oracle administrators can have the ability to perform self-service restore of Oracle Data.

Mission critical applications must not be impacted during business hours. All backups must complete between 6 p.m. and 8 a.m. local time.

To meet regulatory requirements all data must be retained for three years.

For archival purposes, 12 monthly backups and three yearly backups must be stored offsite.

Veeam University Hospital will only purchase on-premises storage to accommodate growth for three years of backup retention.

For any replicated virtual workloads, the data must not more than one hour old.

Due regulatory requirements, all protected data must be encrypted in flight and rest.

To meet customer service-level agreements, a commercially available helpdesk ticketing system is in use. All alerts generated must be integrated with this system to create support tickets.

Technical requirements:

Backups must take advantage of public cloud storage for long term archival purposes.

The solution must keep a local backup and be able to create an additional copy of production data. Both backups should reside on site with production systems being protected.

For quick restores and recovery, at least copy of protected data must reside on-premises.

Due to the threat of ransomware, at least one immutable or air gapped copy of protected data must reside

off-side.

To ensure data integrity, backups must be verified and scanned for malware before any restore Is performed.

In addition to Self-service Oracle restores, native Oracle tools must be available and PowerShell script ready to perform ad-hoc backups and restores.

The backup solution must support VMware encrypted datastores.

Backups must be stored in logical scalable storage systems that can be expanded non-disruptively.

For end user laptop backups, only user data should be backed up. Operating system files should be excluded.

Personal files such as music, photos, and videos must be excluded for backup.

Which of the following is risk for this project?

50. Consider the requirements regarding immutable or air gapped and different types of workloads.

Which types of jobs do not support using immutability from S3 Object Lock or Hardened Repository and will need a different solution?

51. During discovery, it is determined that a group of MSSQL systems are running in an Always-On cluster and sensitive to virtual machine stun.

How should these systems be configured for backups?

52. While going through the discovery data for the NAS environment, you determine several key metrics are missing for later deign and sizing.

Which of the following should you collect from the customer about the data stored on the on the NAS per site? (Choose 3)

53. To ensure SLA compliance and protection against ransomware, which of the following configurations would accomplish this goal?

54. examining the list of requirements, you notice that it is necessary to have backups encrypted.

If you use Veeam’s native encryption, which repository type will be the most impacted?

55. What assumption can be made for the conceptual design?