By: Author Alex Lim
Posted on Last updated:
Question 61: Which of the following are NVMe-oF performance monitoring best practices?
A. Use real-time telemetry to get the data you need from the network
B. Network switches should have dedicated telemetry application-specific integrated circuits (ASICs)
C. Select tools that will provide clear information and analysis
D. Use AI, machine learning and analytics to identify and fix problems
E. All of the above
Correct Answer: E. All of the above
Explanation: Network switches are already producing the data you need to monitor an NVMe-oF storage network. To not affect performance, use network taps to enable a real-time feed of data back to the analysis software. Dedicated telemetry ASICs are another option that has no performance impact. Network admins will need the data presented in a way that makes it fast and easy for them to identify problems. Tools with AI, machine learning and big data analytics can be helpful in diagnosing and automatically correcting problems.
Question 62: SaaS providers manage and secure all the following except:
A. Infrastructure
B. OS
C. Application stack
D. Access controls
Correct Answer: D. Access controls
Explanation: While SaaS providers manage and secure the infrastructure, OS and application stack, enterprise security and IT teams are responsible for managing access controls and configurations in SaaS applications, among other duties.
Question 63: Which data may not be suitable for public clouds?
A. Legacy application data
B. Mission-critical workloads
C. Sensitive data
D. All of the above
Correct Answer: D. All of the above
Explanation: Not all applications and their data are suitable for public cloud use. Legacy applications, mission-critical workloads and sensitive data — such as credit card information — may not be the best fit for a public cloud environment. Private or hybrid clouds may be more secure options.
Question 64: What percentage of web application attacks were attributed to cloud-based email servers, according to Verizon’s 2019 Data Breach Investigations Report (DBIR)?
A. 20%
B. 40%
C. 60%
D. 80%
Correct Answer: C. 60%
Explanation: The Verizon 2019 DBIR analyzed 41,686 security incidents, of which 2,013 were confirmed data breaches. The research concluded, 60% of the time, the compromised web application vector was the front end to cloud-based email servers.
Question 65: In which environment do admins have the most control over cloud app security?
A. PaaS
B. SaaS
C. IaaS
D. SECaaS
Correct Answer: A. PaaS
Explanation: In a PaaS environment, security and IT teams are provided more control of an application. They are responsible for application configuration, performance and delivery when patching or upgrading but not for the OS or hypervisor stack.
Question 66: Simple Cloud, jclouds and Libcloud are all examples of:
A. Vendor-specific cloud APIs
B. Cross-platform APIs
C. IaaS APIs
D. Apache APIs
Correct Answer: B. Cross-platform APIs
Explanation: Cross-platform APIs, such as Simple Cloud (part of the Zend Framework), Apache jclouds and Apache Libcloud, enable developers to use the same commands and parameters to perform tasks, regardless of cloud provider.
Question 67: Which is not a form of confidential computing?
A. Zero-trust networks
B. Trust execution environments
C. Fully hom*omorphic encryption
D. Secure multiparty computation
Correct Answer: A. Zero-trust networks
Explanation: The four broad categories of confidential computing include trust execution environments, fully hom*omorphic encryption, differential privacy and secure multiparty computation — not zero-trust networks.
Question 68: When is centralized cloud application monitoring most useful?
A. When applications must span hybrid architectures
B. When applications are hosted solely in the cloud
C. When an organization’s applications are all on premises
D. When an organization uses a single cloud application
Correct Answer: A. When applications must span hybrid architectures
Explanation: Centralizing data from various cloud platforms into a single tool that presents a single view is suitable for applications that must span a hybrid architecture end to end and include both on-premises and public cloud resources.
Question 69: During which phase of a cloud migration framework is security the most critical?
A. Discovery phase
B. Cloud migration phase
C. Operations phase
D. All of the above
Correct Answer: D. All of the above
Explanation: Security should be considered in every phase of a cloud application migration — from discovery to actual migration to when the app is live in the cloud — and beyond, including if the app needs patching or other updates.
Question 70: A zero-trust cloud security approach:
A. Eliminates the perimeter
B. Moves the perimeter closer to protected areas
C. Expands the perimeter to end-user devices
D. None of the above
Correct Answer: B. Moves the perimeter closer to protected areas
Explanation: A zero-trust approach to cloud security does not eliminate the perimeter. It uses network and application layer microsegmentation to move the perimeter as close as possible to privileged apps and protected surface areas.
Alex Lim
Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two chilrdren. You can reach him at [emailprotected] or follow him on Website | Twitter | Facebook
