Section 4: Exploring Virtualization and Cloud Concepts

Question 1

In a cloud environment, what is elasticity?

Answer 1

Allows you to increase and decrease cloud resources as you need them.

Question 2

In which cloud environment would you install the software and then have to update the patches?

Answer 2

Infrastructure as a Service (IaaS) requires you to install the operating systems and patch the machines. The CSP provides bare-metal computers.

Question 3

What cloud model would you not be allowed to migrate to?

Answer 3

Software as a Service (SaaS) is a custom application written by a vendor. You cannot migrate to it.

Question 4

What is the major benefit of using a public cloud?

Answer 4

No capital expenditure.

Question 5

What is a cloud single-tenant model?

Answer 5

Also a private cloud, you either own the hardware or the CSP puts you on hardware that’s isolated from other customers.

Question 6

What is a cloud multi-tenant model?

Answer 6

A public cloud.

Question 7

Describe how a community cloud operates.

Answer 7

People from the same industry design and share the cost of a bespoke application and its hosting, making it cost-effective.

Question 8

Who is responsible for the disaster recovery of hardware in a cloud environment?

Answer 8

The CSP.

Question 9

What is a Cloud Access Security Broker (CASB)?

Answer 9

Enforces security, updates clients, and ensures that the policies between the on-prem situation and cloud are enforced.

Question 10

What model is it if you own the premises and the entire IT infrastructure resides there?

Answer 10

Private. On-prem means you own the building and work solely from there.

Question 11

What is a hybrid cloud model?

Answer 11

A company is using a mixture of on-prem and cloud.

Question 12

What type of cloud service deals with identity management?

Answer 12

Security as a Service (SECaaS).

Question 13

Where will a diskless virtual host access its storage?

Answer 13

Storage Area Network (SAN).

Question 14

If you have a virtual switch that resides on a SAN, what connector will you use for a VLAN?

Answer 14

iSCSI connector.

Question 15

What type of disks does a SAN use?

Answer 15

Fast disks, like SSDs.

Question 16

What is the machine that holds several VMs called?

Answer 16

A host. It holds a number of virtual machines, needs fast disks, memory and CPU cores.

Question 17

What is a guest, and what can you use as a rollback option?

Answer 17

A virtual machine, which you can restore from a snapshot in seconds.

Question 18

In a virtual environment, what is sandboxing?

Answer 18

A cybersecurity practice in which you isolate an application for patching or testing or because it is dangerous.

Question 19

Which is faster for data recovery: a snapshot or a backup tape?

Answer 19

Snapshot.

Question 20

What is a Type 1 hypervisor?

Answer 20

A bare-metal hypervisor, like Hyper-V, ESX, and Xen.

Question 21

What is a Type 2 hypervisor?

Answer 21

A hypervisor that sits on top of an operating system, like VirtualBox.

Question 22

Why does HVAC produce availability for a data center?

Answer 22

HVAC keeps servers cool by importing cold air and exporting hot air. CPU overheating will cause the server to crash.

Question 23

What do you call the cloud model where people from the same industry share resources and the cost of the cloud model?

Answer 23

Community cloud.

Question 24

What is an example of cloud storage for a personal user?

Answer 24

iCloud
Google Drive
Microsoft OneDrive
Dropbox

Question 25

Explain the functionality of fog computing.

Answer 25

Intermediary between the device and the cloud. Allows data to be processed closer to the device, reduces latency and cost.

Question 26

What is edge computing?

Answer 26

Allows data storage to be closer to the sensors rather than miles away in a data center.

Question 27

What are containers?

Answer 27

Allows the isolation of applications and their files and libraries so that the application is independent. Docker is an example.

Question 28

What is infrastructure as code?

Answer 28

Allows you to automate your infrastructure, like using PowerShell DSC.

Question 29

Describe services integration.

Answer 29

Combination of business and IT functions into a single business solution.

Question 30

What are cloud resource policies?

Answer 30

Policies that state the actions and access levels someone has in relation to a particular resource.

Question 31

What is system sprawl, and what is a way to prevent it?

Answer 31

Where a VM or host has run out of resources. Best way to avoid this is thin provisioning.

Question 32

What is the best way to protect against VM escape?

Answer 32

In VM escape, an attacker will use a vulnerable VM to attack the host of another VM. Best protection against this is to ensure the hypervisor and all VMs are fully patched.

Question 33

What is a cloud region, and how can it provide redundancy?

Answer 33

Consists of multiple physical locations called zones. Data can be spread across multiple zones for redundancy.

Question 34

What is secret management, and what encryption levels protect the secret management key?

Answer 34

Secret management uses a vault to store keys, passwords, tokens and SSH keys used for privileged accounts. It uses RSA 2048-bit keys to protect the secret.

Question 35

Explain the main difference between LRS and ZRS. Which one is the cheapest?

Answer 35

Locally Redundant Storage (LRS) replicates 3 copies of your data to a single physical location and is the cheapest option.

Zone Redundant Storage (ZRS) replicates 3 copies of your data to 3 separate zones within your region.

Question 36

Why would a VPC use private and public subnets?

Answer 36

A form of network segmentation.

Question 37

What type of resources would be held on a public subnet?

Answer 37

Resources that need access to the internet, like company web servers. A NAT gateway and an internet gateway would also be on these subnets.

Question 38

What type of resources would be held on a private subnet?

Answer 38

Resources that should not have direct internet access, like database servers, domain controllers and email servers.

Question 39

How would someone connect to a VPC?

Answer 39

A VPN connection using L2TP/IPSec.

Question 40

Where should a default route be pointing for a device within a private subnet, and what is its purpose?

Answer 40

Default route of 0.0.0.0 should be pointing to either the NAT gateway or the internet gateway.

When network traffic does not know where to go, it will be sent to the default route as a last resort.

Question 41

Why might a third-party cloud solution be better than a cloud-native solution?

Answer 41

Third-party tools allow more flexibility.