1. A user cannot consume SaaS services while working remotely. IP whitelisting is implemented to connect to a SaaS provider as a security mechanism.

Which of the following describes the MOST likely reason why the user cannot access the SaaS resources?

2. After running monthly capacity reports on private cloud hosts, an engineer decides the CPU overcommitment ratio on the cluster is affecting performance on the VMs.

If the engineer is trying to minimize costs, which of the following actions is the engineer MOST likely to take?

3. A university is running a DNA decoding project that will take seven years if it runs on its current internal mainframe. The university negotiated a deal with a large cloud provider, which will donate its cloud resource to process the DNA decoding during the low peak time throughout the world.

Which of the following is the MOST important resource the university should ask the cloud provider to donate?

4. Based on demand, an IaaS provider wants to deploy a security application for its customers.

Which of the following is the BEST technique for the IaaS provider to apply this to target systems?

5. Government agencies currently operate their own websites, each with its own directory services. There is a mandate to minimize IT administration.

Which of the following should the cloud services architect choose to BEST meet this mandate?

6. A real-time video-streaming company is determining the best cloud provider for high

network performance, availability, and reliability requirements for the company’s all-in cloud strategy. The new service should survive any regional disruption without any customer downtime.

Which of the following is the BEST solution?

7. A rural manufacturing company wants to move all IT services, including the industrial control systems, to the cloud.

Given this scenario, which of the following cloud services elements would be a challenge to the deployment?

8. A cloud service company is proposing a solution to a major sporting venue. The solution offers 99.999% availability during special events, which is proven through specialized testing.

Which of the following techniques should be applied to confirm the high availability claimed by the company? (Select TWO.)

9. IaaS users are reporting longer than expected wait times when accessing the virtual file repository. There are more than 2TB of free disk space, and vCPU and vRAM do not reach more than 75% utilization.

In which of the following ways should the cloud systems administrator analyze this issue?

10. A company is implementing a launchpad within an existing application that will point to an existing SaaS provider. One of the requirements is the user should not have to log on multiple times. SSO is in place. When the launchpad is used, the user is redirected to SaaS providers as designed, but is asked for login credentials.

Which of the following is the MOST likely cause of this issue?

11. A cloud application development team needs to consider the following requirements to the built in as part of the application’s authentication process:

- Customers should have the flexibility to use their own identity stores within the authentication process.

- Customers should not be asked to provide the credentials repeatedly for different applications with different permission sets.

Which of the following solutions would BEST help the team achieve the above business objectives? (Choose two.)

12. A cloud administrator is provisioning five VMs, each with a minimum of 8GB of RAM and a varying load throughout the day. The hypervisor has only 32GB of RAM.

Which of the following features should the administrator use?

13. A company is subcontracting part of a large project to another company. Management wants to ensure that there is a secure way for employees from both companies to share data without exposing internal information to employees at the other company.

Which of the following cloud models BEST serves this purpose?

14. A company has developed a SaaS product for the financial services industry. The Chief Executive Officer (CEO) of the SaaS company has engaged an independent third party to run tests against its platform.

Which of the following is the MOST likely test the third party has been engaged to perform?

15. A large finance firm processes three times as many transactions in December of each year. The transactions are processed in a private cloud. Management wants to avoid adding permanent resources to accommodate the single month increase.

Which of the following is the BEST way to meet the need?

16. A security analyst is reviewing logs and sees a former employee’s account has been used to access critical information on a private cloud resource. The analyst examines firewall and IPS logs but does not find traffic that is relevant to the breach.

Which of the following is the MOST likely source of the compromise?

17. A consultant is helping a gaming-as-a-service company set up a new cloud. The company recently bought several graphic card that need to be added to the servers.

Which of the following should the consultant suggest as the MOST cost effective?

18. A cloud administrator for a state government agency is tasked with giving access to the voter registration application to a government agency in another state. Only authorized officials from each state should access the application. These agencies have a common environment where applications have been deployed in the past.

Which of the following

should the cloud administrator do to give access to the application?

19. A user has submitted a ticket to request additional VMs due to long wait times for online ordering.

Given the snapshot of the resources in the table below:

Which of the following is the BEST option for the administrator to resolve the ticket?

20. After monthly patching, a large number of users who are logged onto the network report that application links from a company’s intranet site, which previously opened directly into the website, are now prompting for logon information. Application administrators confirm that the websites in question are working properly.

Which of the following is the MOST likely cause of the new behavior?

21. A CASB provides the application proxy and web application firewall to a large retailer. All access to the retailer cloud application must originate from the CASB-designated IP addresses. The CASB has known geolocations with known IP addresses. Suddenly, all customers are not able to access the retailer cloud applications.

Which of the following is MOST likely the reason for the issue?

22. When designing a new private cloud platform, a cloud engineer wants to make sure the new hypervisor can be configured as fast as possible by cloning the OS from the other hypervisor. The engineer does not want to use local drives for the hypervisors.

Which of the following storage types would BEST suit the engineer's needs?

23. A company has implemented a change management process that allows standard changes during business hours. The company’s private cloud hardware needs firmware updates and supports rolling upgrades.

Which of the following considerations should be given to upgrade firmware and make the change as transparent as possible to users?

24. A company provides IaaS services.

Which of the following disk provisioning models for creating standard template should the company use to provision virtual instances?

25. A cloud administrator for a customer’s environment must ensure the availability of critical applications. The cloud provider hosting the infrastructure lost power, and the environment was down for four hours.

Which of the following solutions is MOST suitable for ensuring availability of critical applications?

26. A company is migrating some of its consumer-facing services to a cloud provider. The company has been getting more customers since its competitors have gone bankrupt.

Which of the following actions would BEST meet the company’s increased resource needs?

27. A private cloud customer is considering using the public cloud to accommodate the peak utilization workload.

Which of the following would be considered the ideal scaling solution?

28. A security and risk team requires a weekly report to detect VM file system changes and validate the integrity of the OS.

Which of the following is the BEST solution for this requirement?

29. A recent advertisement campaign has increased traffic to an e-commerce application that is hosted within a public cloud environment. Customers are reporting that it takes too long to load their pages and submit orders. A cloud administrator looks at the metrics from the environment and sees high utilization of the CPU and memory resources. The cloud provider offers several preconfigured sizes for server template: x-small, small, medium, large, x-large, and 2x-large.

Given an expected increase in workload, which of the following is the BEST solution to improve application performance?

30. A company is in the process of evaluating cloud service providers, as it is planning to move all of its onpremises IT services to the cloud. Most of the applications are mission critical with four 9s and five 9s uptime. The area where the company is located is also prone to natural disasters. One of the main requirements is that IT services need to survive local outages as well as regional outages. One of the company’s main customers is a government entity.

Which of the following is the BEST way for a cloud engineer to address these requirements?

31. Company A just acquired Company B and needs to migrate critical applications to Company A’s private cloud infrastructure. Company B’s applications are running on legacy servers and cannot be removed from the current datacenter where they reside.

Which of the following migration strategies should the cloud administrator use?

32. A business is planning to migrate from a private cloud to a public cloud. To document business continuity, which of the following should be done FIRST?

33. A cloud administrator needs to configure multiple web servers to participate actively in workload processing.

Which of the following will BEST help the administrator achieve this goal?

34. Ann. a user, has tried to connect to a VM hosted in a private cloud using her directory services credentials. After three attempts, she realizes the keyboard was set to German instead of English, and she was typing "z" instead of "y". After fixing this issue, Ann is still unable to log in; however, other users can access the VM.

Which of the following is the MOST likely cause?

35. An administrator is creating new severs in a public cloud. The workflow creates and application group with three VMs, one web server, one application server and one database server. The three VMs are all accessible via SSH, but the websites shows a 503-error referring to a database issue.

Which of the following is the MOST likely cause of the error?

36. DRAG DROP

Drag and drop each Disaster Recovery Solution need to the corresponding SLA requirement. Options may be used once or not at all.

37. A private cloud is using the iSCSI protocol for connection from storage to hypervisors. This connection is not encrypted currently, and the systems administrator is tasked with enabling on-the-fly encryption.

Which of the following technologies should the administrator use?

38. A new browser version has been deployed to all users at a company. After the deployment, users report that they can no longer access the company's secure time-card system, which is hosted by a SaaS provider. A technician investigates and discovers a security error is received upon opening the site. If the browser is rolled back to the older version, the site is accessible again.

Which of the following is the MOST likely cause of the security error users are seeing?

39. A cloud architect is deploying a VM in a public IaaS cloud. The software that will be installed on the VM is not compatible with any of the OS versions in the system images offered by the IaaS vendor.

Which of the following is the BEST way to deploy a VM with the required OS?

40. An entertainment company with a very large movie library is moving all of its production systems to an IaaS cloud. The current lease is expiring in the next month, and the company made a last-minute decision not to renew the lease.

Which of the following would be the MOST effective way to move all the data to the new cloud provider?

41. Apply the network and security groups from the original region to the new VM.

42. In an IaaS environment, the security team issues a new signature file to prevent specific malware threats from infiltrating the company network.

Which of the following describes where the security team should deploy the updated signatures?

43. A SaaS customer reports that no one can access the application portal. After some troubleshooting, the cloud administrator finds a problem and provides a remedy by restarting the cluster. After documenting the solution, the support case is closed. Multiple tenants lose access to their hosts the following day.

Which of the following troubleshooting steps did the administrator miss?

44. An administrator is implementing a new SaaS application. The administrator has been directed to enhance the user authentication experience.

Which of the following technologies BEST meets this requirement?

45. A security administrator wants to automate the implementation of network-based ACLs for services deployed within the company VPC. The security administrator is mostly concerned with intra-VPN separation to prevent unauthorized communication between cloud deployed services within the VPC.

Which of the following should the security administrator implement?

46. Of ten newly deployed VMs from a single template, the cloud administrator notices one VM has direct root access enabled and automatic configuration control disabled. These settings do not comply with the company’s policies for production VMs.

Which of the following is the MOST likely cause of this situation?

47. A cloud administrator is troubleshooting a network issue that was raised after the introduction of a CASB solution. The administrator attempts different ideas during troubleshooting but is unable to resolve the issue.

In which of the following steps of the troubleshooting process is the administrator experiencing an issue?

48. Before doing a change on a VM, a systems administrator wants to ensure there is an easy and fast way to rollback if needed. The change and testing should take approximately two hours.

Which of the following is the EASIEST way to meet this requirement?

49. Accessing various SaaS applications is challenging.

Which of the following should the IT security department implement to BEST resolve the issue? (Select THREE).

50. Which of the following provides the BEST approach for deploying multiple new firewalls into an IaaS cloud environment with minimal errors?

51. A cloud-based web store is experiencing poor website performance and unavailability.

Which of the following approaches would prevent the issue without administrator intervention?

52. An engineer is configuring the monitoring for a new application server. During the day, the CPU on the server is baselined at approximately 30% utilization. At midnight, a batch job is scheduled to run that will drive the CPU utilization up to 75% for approximately an hour.

Any time the CPU utilization is at 40% or higher for longer than ten minutes, administrators will receive an alert.

Which of the following is the BEST method to ensure administrators do not experience message fatigue due to false alerts?

53. A manufacturing company has the following DR requirements for its IaaS environment:

✑ RPO of 24 hours

✑ RTO of 8 hours

The company experiences a disaster and has a two-site hot/cold configuration.

Which of the following is the BEST way for the company to recover?

54. A cloud engineer is upgrading a high-performance computing cluster for the private cloud. The existing cluster is being replaced with GPU servers. A single GPU server is capable of the same teraflops output as 10 CPU servers.

The current cluster configuration is as follows:

✑ 100 quad-core CPU servers capable of producing 100 teraflops.

✑ The baseline and current usage is 100%.

The new cluster was set up and benchmarked in four different configurations.

Which of the following configurations will meet the baseline teraflops performance of the cluster while maintaining the current usage?

55. A cloud administrator has configured a connection between two virtual private cloud environments at a public cloud provider that are each in different accounts. The administrator has configured the accounts correctly so they can connect to each other’s resources. Both cloud environments have policies that allow anyone from 0.0.0.0/0 on TCP port 22.

The following table shows the network configuration information:

However, the administrator is unable to establish an SSH connection from a server in 10.250.40.100 to 10.250.48.214.

Which of the following is the MOST likely issue?

56. The CSA needs to install a patch on 58 virtual server instances during the Friday evening maintenance window.

Which of the following is the MOST efficient way to get the patches installed?

57. A customer has requirements for its application data to be copied into a second location for failover possibilities. Latency should be minimized, while RPO and RTO are over 15 minutes.

Which of the following technologies BEST fits the customer’s needs?

58. Developers are frustrated by the deployment delay caused by setting up permissions and firewall rules.

Which of the following would be the BEST way to resolve this issue?

59. Ann, an internal user, has been accessing an internal SaaS solution on a different subnet for the last several months. When Ann tries to connect to the application today, she receives an error stating the resource cannot be found. When checking with her teammates, she discovers some users can access the resource and others cannot.

Which of the following tools would be the BEST option to determine where the issue is located?

60. A company has moved all on-premises workloads into a public cloud. After some time, the cloud engineer starts noticing time drifts on the VMs and suspects an NTP issue. Time drifts were not an issue when all the workloads were on-premises.

Which of the following describes how the cloud engineer should resolve the issue?

61. A company uses SaaS and IaaS solutions from multiple cloud providers. Users report that this requires them to manage and remember multiple user accounts and passwords.

Which of the following solutions should be implemented to fix this issue?

62. Cloud developers are experiencing a delay caused by the static code review before each deployment. The security operator and developer must address the issue without cutting corners with security testing.

Which of the following would BEST address the delay issue?

63. A service engineer is trying to determine why one of the company’s SaaS solution is no longer available. The internal systems are responding and other online applications using the same SaaS solution are responding as expected.

Which of the following is the MOST common cause of the availability issue?

64. A hospital is leveraging a third-party-hosted, SaaS-based EMRS for all its regional locations. The EMRS will consolidate all existent stand-alone regional systems. All regional systems managers are concerned about the new system availability.

Which of the following should the new EMRS architect do to address the manager’s concerns?

65. An e-commerce business recently experienced a two-hour outage from its hosted web service provider. According to the SLA, the business needs to determine how much data can be restored. On which of the following service-level components should the business focus?

66. A development team released a new version of an application and wants to deploy it to the cloud environment with a faster rollback and minimal downtime.

Which of the following should the cloud administrator do to achieve this goal?

67. A cloud administrator is securing access to a VM using an IaaS cloud platform. The administrator must perform this task using an automated method, allow administrators to perform any method and expose any property of the VM, deny access for everyone else, and allow only read-only access to everyone else.

Given this scenario, which of the following should the administrator use to BEST meet these requirements?

68. A new service request asks for all members of the finance department to have access to the accounting department’s file server VMs on the private cloud environment.

Which of the following is the MOST efficient way to fulfill this service request?

69. A cloud administrator is receiving alerts that the disk on several systems is 90% full. Upon reviewing the systems, the administrator determines that the log directory is using 50% of the disk. The company has a 14- day retention policy for all logs.

Which of the following is the BEST solution to implement to minimize future alerts?

70. A software solution must be deployed based on the most granular access level.

Which of the following methods should be used to meet the requirements?

71. There has been a change in requirements for two countries where PCI virtual instances exist. As such three virtual instances need to be added in both countries’ PCI environments, and two instances need to be removed.

Which of the following is the BEST way to ensure compliance is met in those two countries?

72. A critical new security update has been released to fix an identified zero-day vulnerability with the SSH server process. Due to its severity, all development and staging servers must have this update applied immediately.

Which of the following is the FASTEST way for the administrator to apply the patch and ensure all systems are configured consistently?

73. Joe, a customer, wants to implement backup of his replicated VMs so production performance is not affected at the primary site.

Which of the following backup methods would be the MOST appropriate?

74. A company wants to ensure production data is not exposed during a functional and load testing exercise, as it will be the source of the data.

Which of the following techniques should the cloud administrator deploy to ensure testing requirements are met?

75. A cloud administrator is analyzing usage trends for a website housed within an IaaS cloud platform. The administrator notices that traffic and visitors to the site quadrupled from the normal baseline during the holiday season. The environment has a load balancer that uses standardized VMs to host the applications.

Given this scenario, which of the following would be the MOST efficient, provide no downtime, and address the temporary spike in traffic?

76. An administrator needs to deploy a new release of an application in a way that allows a quick rollback to the previous version of the application.

Which of the following is the BEST strategy to apply?

77. A facilities management company uses a private cloud that bursts to a public cloud at times. The CSA is asked to check the amount of storage that is used when the organization is overutilizing on-premises resources.

Which of the following should the CSA check?

78. A cloud administrator is adding several accounts for new development team interns. These interns will need access to some, but not all, of the resources and will only be working over the summer.

Which of the following user provisioning techniques should be used?

79. Ann, the lead product developer for a company, just hired three new developers. Ann asked the cloud administrator to give these developers access to the fileshares in the public cloud environment.

Which of the following is the BEST approach for the cloud administrator to take?

80. A private cloud administrator needs to configure replication on the storage level for a required RPO of 15 minutes and RTO of one hour.

Which of the following replication types would be the BEST to use?

81. A company’s Chief Information Officer (CIO) wants to manage PII by delegating access to sensitive files to the human resources department. The cloud engineer is tasked with selecting and implementing an appropriate technique to achieve the stated objective.

Which of the following control methods would be BEST for the cloud engineer to implement?

82. A cloud service provider wants to offer hardened virtual server images for provisioning purposes. This will enable users to use only the operating system services that are allowed by the provider.

Which of the following tasks are MOST appropriate for the hardening process? (Select TWO).

83. The legal department requires eDiscovery of hosted file shares.

To set up access, which of the following is the BEST method to ensure the eDiscovery analyst only has the ability to search but not change configuration or settings?

84. A CSA is reviewing the deployment of an e-commerce application in a public cloud provider. The CSA wants to ensure the sizing is optimal to keep the cost of the environment down.

The available server configurations are as follows:

A review of the current system shows the following utilization information:

Which of the following should the CSA implement to ensure the MOST optimal sizing?

85. A cloud administrator is securing an application hosted by an IaaS provider. The operating system on the VM has been updated.

Which of the following should the administrator use to BEST secure the VM from attacks against vulnerable services regardless of operating system?

86. A consultant is helping a gaming-as-a-service company set up a new cloud. The company recently bought several graphic cards that need to be added to the servers.

Which of the following should the consultant suggest as the MOST cost effective?

87. A company wants to take advantage of cloud benefits while retaining control of and maintaining compliance with all its security policy obligations.

Based on the non-functional requirements, which of the following should the company use?

88. A VM was successfully tested in a lab environment. As part of the deployment preparation, the image needs to be backed up for use in the multi-rollout accompanied by orchestration templates.

Which of the following should be used to create the image?

89. A new cloud infrastructure needs to meet the following requirements:

✑ Resources are accessible to internal and external clients.

✑ Existing hardware assets are utilized.

✑ Security controls are managed by company employees.

Which of the following deployment models BEST fit these requirements?