Chapter 4 Virtualization and Cloud Concepts

Question 1

In a cloud environment, what is elasticity?

Answer 1

Elasticity allows you to increase and decrease cloud resources as you need them.

Question 2

In which cloud environment would you install the software and then have to update the patches?

Answer 2

Infrastructure as a Service (IaaS) requires you to install the operating systems and patch the machines. The CSP provides bare-metal computers.

Question 3

What cloud model would you not be allowed to migrate to?

Answer 3

SaaS is a custom application written by a vendor, and you cannot migrate to it.

Question 4

What is the major benefit of using a public cloud?

Answer 4

The major benefit of a public cloud is that there is no capital expenditure.

Question 5

What is a cloud single-tenant model?

Answer 5

A private cloud is a single-tenant setup in which you either own the hardware or the CSP puts you on hardware that’s isolated from its other customers.

Question 6

What is a cloud multi-tenant model?

Answer 6

A public cloud is multi-tenant.

Question 7

Describe how a community cloud operates

Answer 7

With a community cloud, people from the same industry (such as a group of lawyers) design and share the cost of a bespoke application and its hosting, making it cost-effective.

Question 8

Who is responsible for the disaster recovery of hardware in a cloud environment?

Answer 8

The CSP is responsible for hardware failure.

Question 9

What is a Cloud Access Security Broker (CASB)?

Answer 9

The CASB enforces security, updates clients, and ensures that the policies between the on-premises situation and the cloud are enforced.

Question 10

What model is it if you own the premises and the entire IT infrastructure resides there?

Answer 10

On-premises means you own the building and work solely from there.

Question 11

What is a hybrid cloud model?

Answer 11

A hybrid cloud is where a company is using a mixture of on-premises and the cloud.

Question 12

What type of cloud service deals with identity management?

Answer 12

Security as a Service (SECaaS) provides secure identity management.

Question 13

Where will a diskless virtual host access its storage?

Answer 13

A diskless virtual host will get its disk space from an SAN

Question 14

If you have a virtual switch that resides on a SAN, what connector will you use for a VLAN?

Answer 14

A VLAN on a SAN will use an iSCSI connector.

Question 15

What type of disks does a SAN use?

Answer 15

An SAN will use fast disks, such as SSDs

Question 16

What is the machine that holds several VMs called?

Answer 16

A host (Hypervisor) holds a number of virtual machines; it needs fast disks, memory, and CPU cores.

Question 17

What is a guest, and what can you use as a rollback option?

Answer 17

A guest is a virtual machine-for example, a Windows 10 virtual machine. A snapshot can be used to roll back to a previous configuration.

Question 18

In a virtual environment, what is sandboxing?

Answer 18

Sandboxing is a cybersecurity practice in which you isolate an application for patching or testing or because it is dangerous.

Question 19

Which is faster for data recovery: a snapshot or a backup tape?

Answer 19

A snapshot is faster at recovering than any other backup solution. You can restore a snapshot in seconds.

Question 20

What is a Type 1 hypervisor?

Answer 20

A Type 1 hypervisor is a bare-metal hypervisor. Some examples are Hyper-V, ESX, and Xen

Question 21

What is a Type 2 hypervisor?

Answer 21

A Type 2 hypervisor is a hypervisor that sits on top of an operating system, for example, VirtualBox, which could be installed on a Windows 10 desktop.

Question 22

Why does HVAC produce availability for a data center?

Answer 22

HVAC keeps the servers cool by importing cold air and exporting hot air. If a server’s CPU overheats, it will cause the server to crash

Question 23

What do you call the cloud model where people from the same industry share resources and the cost of the cloud model?

Answer 23

A community cloud is where people from the same industry share resources.

Question 24

What is an example of cloud storage for a personal user?

Answer 24

Cloud storage for personal users could be iCloud, Google Drive, Microsoft OneDrive, or Dropbox.

Question 25

Explain the functionality of fog computing.

Answer 25

Fog computing is an intermediary between the device and the cloud. It allows the data to be processed closer to the device. It reduces latency and cost.

Question 26

What is edge computing?

Answer 26

Edge computing allows data storage to be closer to the sensors rather than miles away in a data center.

Question 27

What are containers?

Answer 27

A container allows the isolation of the applications and their files and libraries so that the application is independent. Docker is a good example.

Question 28

What is infrastructure as code?

Answer 28

Infrastructure as code allows you to automate your infrastructure-for example, using PowerShell DSC.

Question 29

Describe services integration.

Answer 29

This is the combination of business and IT functions into a single business solution.

Question 30

What are cloud resource policies?

Answer 30

These are policies that state the actions and access levels someone has in relation to a particular resource.

Question 31

What is system sprawl, and what is a way to prevent it?

Answer 31

This is where a virtual machine or host has run out of resources. The best way to avoid this is to use thin provisioning.

Question 32

What is the best way to protect against VM escape?

Answer 32

n VM escape, an attacker will use a vulnerable virtual machine to attack the host of another virtual machine. The best protection against this attack is to ensure that the hypervisor and all virtual machines are fully patched.

Question 33

What is a cloud region, and how can it provide redundancy?

Answer 33

A cloud region consists of multiple physical locations called zones; data can be spread across multiple zones for redundancy.

Question 34

What is secret management, and what encryption levels protect the secret management key?

Answer 34

Secrets management uses a vault to store keys, passwords, tokens, and SSH keys used for privileged accounts. It uses RSA 2048-bit keys to protect the secret management access key.

Question 35

Explain the main difference between LRS and ZRS. Which one is the cheapest?

Answer 35

LRS replicates three copies of your data to a single physical location. This is the cheapest option. ZRS is where three copies of the data are replicated to three separate zones within your region.

Question 36

Why would a VPC use private and public subnets?

Answer 36

They would be used as a form of network segmentation.

Question 37

What type of resources would be held on a public subnet?

Answer 37

Resources that need access to the internet, for example, company web servers. A NAT gateway and an internet gateway would also be on these subnets.

Question 38

What type of resources would be held on a private subnet?

Answer 38

Resources that should not have direct internet access, such as database servers, domain controllers, and email servers.

Question 39

How would someone connect to a VPC?

Answer 39

A VPN connection using L2TP/IPSec should be used to connect to a VPC.

Question 40

Where should a default route be pointing for a device within a private subnet, and what is its purpose?

Answer 40

The default route of 0.0.0.0 should be pointing to either the NAT gateway or the internet gateway. When network traffic does not know where to go, it will be sent to the default route as a last resort.

Question 41

Why might a third-party cloud solution be better than a cloud-native solution?

Answer 41

The third-party tools will offer more flexibility.