- (Topic 1)
A cloud architect wants to minimize the risk of having systems administrators in an IaaS compute instance perform application code changes. The development group should be the only group allowed to modify files in the directory.
Which of the following will accomplish the desired objective?
Correct Answer:
B
File write permissions are permissions that control who can modify or delete files in a directory or system. Restricting the file write permissions to the development group only can help minimize the risk of having systems administrators in an IaaS compute instance perform application code changes, as it can prevent anyone other than the development group from altering or removing any files in the directory where the application code is stored. Restricting the file write permissions can also help maintain consistency and integrity, as it can ensure that only authorized and qualified users can make changes to the application code. References: CompTIA Cloud+ Certification Exam Objectives, page 14, section 2.7
- (Topic 4)
A Cloud administrator needs to reduce storage costs. Which of the following would BEST help the administrator reach that goal?
Correct Answer:
B
The correct answer is B. Implementing deduplication would best help the administrator reduce storage costs.
Deduplication is a technique that eliminates redundant copies of data and stores only one unique instance of the data. This can reduce the amount of storage space required and lower the storage costs. Deduplication can be applied at different levels, such as file-level, block-level, or object-level. Deduplication can also improve the performance and efficiency of backup and recovery operations.
Enabling compression is another technique that can reduce storage costs, but it may not be as effective as deduplication, depending on the type and amount of data. Compression reduces the size of data by applying algorithms that remove or replace redundant or unnecessary bits. Compression can also affect the quality and accessibility of the data, depending on the compression ratio and method.
Using containers and rightsizing the VMs are techniques that can reduce compute costs, but not necessarily storage costs. Containers are lightweight and portable units of software that run on a shared operating system and include only the necessary dependencies and libraries. Containers can reduce the overhead and resource consumption of virtual machines (VMs), which require a full operating system for each instance. Rightsizing the VMs means adjusting the CPU, memory, disk, and network resources of the VMs to match their workload requirements. Rightsizing the VMs can optimize their performance and utilization, and avoid overprovisioning or underprovisioning.
- (Topic 2)
A database analyst reports it takes two hours to perform a scheduled job after onboarding 10,000 new users to the system. The analyst made no changes to the scheduled job before or after onboarding the users. The database is hosted in an IaaS instance on a cloud provider. Which of the following should the cloud administrator evaluate to troubleshoot the performance of the job?
Correct Answer:
A
To troubleshoot the performance of a scheduled job that takes two hours to run after onboarding 10,000 new users to a cloud-based system, the administrator should evaluate the IaaS compute configurations, the capacity trend analysis reports, and the storage IOPS. These factors can affect the performance of a database job in an IaaS instance on a cloud provider. The IaaS compute configurations include the CPU, memory, and network resources assigned to the instance. The capacity trend analysis reports show the historical and projected usage and demand of the resources. The storage IOPS (Input/Output Operations Per Second) measure the speed and performance of the disk storage. The administrator should check if these factors are sufficient, optimal, or need to be adjusted to improve the performance of the job.
- (Topic 2)
A Chief Information Security Officer (CISO) is evaluating the company’s security management program. The CISO needs to locate all the assets with identified deviations and mitigation measures. Which of the following would help the CISO with these requirements?
Correct Answer:
D
A risk register is a document that records all the identified risks, their causes, impacts, probabilities, mitigation measures, and status for a project or an organization. A risk register helps to manage and monitor risks throughout their lifecycle and ensure they are addressed appropriately. A risk register would help the CISO to locate all the assets with identified deviations and mitigation measures.
- (Topic 3)
A company is migrating workloads from on premises to the cloud and would like to establish a connection between the entire data center and the cloud environment. Which of the following VPN configurations would accomplish this task?
Correct Answer:
A
A site-to-site VPN is a type of VPN configuration that establishes a secure connection between two networks, such as a data center and a cloud environment. A site- to-site VPN allows all the devices in one network to communicate with all the devices in the other network, without requiring individual VPN clients or connections. A site-to-site VPN is suitable for a company that is migrating workloads from on premises to the cloud and would like to establish a connection between the entire data center and the cloud environment, as it can provide seamless and secure access to both networks.