CIS Test 3 Flashcards

(400 cards)

1
Q

When is Cold Server-to-Server VM migration typically used?

A

Cold migration is typically used when a VM needs to be moved to another remote location or VDC.

2
Q

Concurrent VM Server-to-Server Migration

A

Migrate a VM simultaneously to multiple hypervisors.

3
Q

Hot-Suspended VM Server-to-Server Migration

A

Migrate a VM that is suspended.

4
Q

Cold VM Server-to-Server Migration

A

Migrate a VM that is powered off.

5
Q

Hot-On VM Server-to-Server Migration

A

Migrate a VM that is powered on. VM needs to be quiesced before migration.

6
Q

4 Major Modes of VM Migration Between Servers

A

1) Hot-On 2) Cold 3) Hot-Suspended 4) Concurrent

7
Q

VM state information

A

Include memory contents and all other information which identifies the VM.

8
Q

Involves moving the entire active state of a VM from the source hypervisor to the target.

A

VM migration

9
Q

VM identification information

A

Data, which maps the VM hardware elements such as BIOS, devices, CPU, and MAC address for Ethernet cards.

10
Q

What happens after VM migration is complete

A

The VM in the source hypervisor needs to be deleted after migration is complete. Virtual disks are also deleted if they were actually moved.

11
Q

True or False: In case of array-to-array migration, virtual disks are always moved from source array to target array.

A

TRUE

12
Q

True or False: In case of server-to-server VM migration, virtual disks are not moved within clustered servers.

A

TRUE

13
Q

Types of VM Migration

A

1) Server-to-Server 2) Array-to-Array

14
Q

Involves movement of entire active state of a VM

A

VM migration process

15
Q

Moving a VM from one hypervisor to another hypervisor

A

VM Migration

16
Q

Asynchronous Replication Characteristics

A

Extended distance - Non-zero RPO

17
Q

Synchronous replication characteristics

A

Limited distance - Near zero RPO

18
Q

All VM files are copied to the remote site.

A

Array-Based REMOTE Replication of VMs

19
Q

LUNs are replicated between two sites using storage array replication technology.

A

Array-Based REMOTE Replication of VMs

20
Q

True or False: VMs typically reside on LUNs that reside on the same storage arrays. In single-site replication, these LUNs are replicated using the array controller within the same storage array.

A

TRUE

21
Q

Replication is done using array controller within the SAME storage array.

A

Array-Based LOCAL Replication of VMs

22
Q

Creates copies of LUNs that contain VM files on the same storage array.

A

Array-Based Local Replication of VMs

23
Q

Benefits of VM Templates

A

Increased efficiency, consistency and standardization. Repetitive installation and configuration tasks can be avoided. Deploying VMs from VM templates helps to enforce standards.

24
Q

A reusable image created from a VM

A

VM Template

25
Two ways a VM Template is created
1) Convert a powered-off VM into a template. 2) Clone a VM into a template.
26
Master copy to create and provision new VMs.
VM Template
27
How does a linked clone differ from a snapshot?
A linked clone is a running VM that would change its state over time. However, a snapshot is only a state of the VM at a specific point-in-time, which cannot change on its own.
28
How is a linked clone handled after being made from a snapshot of the parent VM?
The snapshot is given a separate network identity and assigned to the hypervisor to run as independent VM.
29
How is a linked clone made?
From a snapshot of the parent VM.
30
How are writes of a linked clone captured?
Writes of the linked clone are captured in a separate delta disk of smaller size.
31
True or False: The virtual disk of the parent VM is read-only for the linked clone.
TRUE
32
Clone type that shares virtual disks with the parent VM
Linked Clone
33
True or False: The cloning process for a Full Clone may take a relatively longer time than a linked clone.
TRUE
34
An independent copy of a VM that does not share virtual disks with the parent.
Full Clone
35
Two types of VM clones
1) Full Clone 2) Linked Clone
36
Why is VM cloning helpful?
Installing a guest OS and applications on multiple VMs is a time-consuming task. With clones, a user can make many copies of a VM from a single installation and configuration process.
37
Does a clone VM have a different MAC address than the parent VM?
Yes
38
Does a clone VM have a separate network identity from the parent VM?
Yes.
39
Can a clone VM share virtual disks with the parent VM?
Yes, in the case of a Linked clone.
40
True or False: Changes made to the parent VM do not appear in a clone.
TRUE
41
True or False: Changes made to a clone VM do not affect the parent VM.
TRUE
42
Created when the VM is required for a DIFFERENT use (for example, an identical VM needs to be deployed for testing purposes)
VM Clone
43
An identical copy of an existing VM
VM Clone
44
Reverting a VM to snapshot causes what?
Causes all settings configured in the Guest OS to be reverted to an earlier point in time.
45
When is a VM snapshot useful?
Useful when a VM needs to be reverted to the same state again. For example, when using a VM for testing purposes, upgrading or patching applications and servers.
46
Data of a VM consists of what?
Data includes all the files that make up the VM including virtual disks, memory, and other devices, such as virtual NIC.
47
VM state consists of what?
State includes VM configuration files as well as its power status (on, off, suspended).
48
Preserves the state and data of a VM at a specific point in time
VM Snapshot
49
How storage array based replication works
Works by copying LUNs of the source VM to the target array.
50
Is performed at the storage array level. Is similar to traditional array based replication in the CDC. Is performed either at local (primary) site or to a remote (secondary) site.
Storage array-based replication
51
Enables replicating VMs between dissimilar storage. Creates VM snapshot, VM clone, or VM template.
Compute-based replication
52
Two VM replication methods
1) Compute-based replication 2) Storage array based replication
53
Where is quiescing performed?
At the application level, to achieve application-level consistency. Applications complete any pending transactions and write the pending data to the disk.
54
Pauses currently running applications within a VM and forcibly flushes all data in the memory to the disk.
Quiescing
55
Needed to ensure data integrity before VM replication starts
Quiescing of VM
56
Where VM replication is performed.
At the hypervisor level
57
VM restore steps
1) Selection of VM and virtual disks to restore from backup. 2) Selection of the destination. 3) Configuration settings.
58
Candidates for deduplication
Backup images of VM disk files
59
Backup that can be restored to dissimilar hardware resources and can recover servers remotely.
Image-based backup
60
Advantage of an image-based backup
All information can be collected in a single pass, providing a Bare Metal Recovery (BMR) capability.
61
Creates a copy of the guest OS, its data, VM state, and configurations. Restores directly at VM level only. Operates at hypervisor level. Mounts image on backup server.
Image-based backup
62
Requires installing a backup agent on a hypervisor. Cannot back up LUNs directly attached to a VM.
Backup VM files
63
Requires installing a backup agent on a VM. Can only back up virtual disk data.
Backup VM as a physical server
64
Disadvantage to backup of VM files
LUNs assigned directly to a VM (using RDM) cannot be backed up using this approach.
65
Backup method that uses snapshot and cloning techniques
Array-based
66
Backup option that may have a guest OS dependency, owing to file system structure.
File-based backup
67
Backup option that does not provide a way to access individual files
Image-based backup
68
Backup option that provides a way to access individual files.
File-based backup does.
69
Backup optimization method
Deduplication
70
Backup Options
1) File based 2) Image based
71
Included in a VM backup
Virtual disks containing system and application data. Configuration data including network and power state.
72
Site Failover Dependencies
VM migration capability - Reliable network infrastructure - Data backup and replication functionality
73
Preferred type of hypervisor for BC
Bare-metal (Type 1) hypervisor running directly on the physical compute.
74
IEEE 802.1AX
Link Aggregation Standard
75
True or False: After a NIC team is configured, the VM will not be aware of the underlying physical NICs.
TRUE
76
Enables failover in case of physical NIC failures / link outages
Physical NIC teaming
77
Supports the IEEE 802.1AX-2008 link aggregation standard.
Physical NIC teaming
78
Technique to enable multiple paths for accessing the same storage device. Provides dynamic failover to an alternate path if current active path fails.
Multipathing to storage
79
Requirements for multipathing
1) Server needs two or more HBAs available, or 2) One HBA port is set up with multiple storage controllers
80
Causes of virtual network failure
1) An incorrect operation of the software components (e.g., virtual NIC, virtual switch). 2) Failure in the compute infrastructure (e.g., physical server going down, hypervisor crashes, VM crashes).
81
Three methods to protect physical networks using redundancy
1) Interconnect devices with redundant hot swappable components. 2) Redundant links and multipathing. 3) Redundant NICs and NIC teaming.
82
How to achieve high-availability design for storage infrastructure
1) Redundant array controllers to address primary array controller failures. 2) Redundant ports in a storage array if one of the currently active ports fails. 3) Redundant storage array for when the whole array goes down.
83
Redundant Storage Components
Array Controllers - Ports in a Storage Array - Storage Arrays
84
Standby disk drive in a RAID array
Hot spare
85
Provides data protection against drive failures
RAID
86
True or False: The two VMs essentially access a common storage and appear as a single entity with a single IP address and a single MAC address to other VMs.
TRUE
87
Describe VMFT Failover
The primary and secondary VMs check the status of each other using heartbeats. If the primary VM fails, the other takes over immediately.
88
True or False: In a VMFT scenario, the primary and secondary VMs share the same virtual disk using VMFS, but all output (e.g., write) operations are performed only by the primary VM.
TRUE
89
VMFT
Virtual Machine Fault Tolerance
90
Creates a live instance of the primary VM that runs on another physical machine.
Virtual Machine Fault Tolerance (VMFT)
91
Uses a secondary VM running on another physical machine as a live copy of the primary VM.
VM Fault Tolerance
92
True or False: VMFS ensures that a VM cannot be opened by more than one hypervisor at a time.
True. When a VM is operating, VMFS locks those files so that other hypervisors cannot update them.
93
What does VMFS provide?
VMFS provides multiple VMs with shared access to a consolidated pool of clustered storage. A VM sees the (virtual) disks in a VMFS as local targets, when they are actually just files on the VMFS volume.
94
Uses a clustered file system, such as VMFS, to enable failover.
Clustered servers
95
Provides protection from server and hypervisor failures.
Clustered servers
96
Groups of physical servers are combined and managed as an aggregated compute resource pool.
Clustered Servers
97
How is failover enabled in a server cluster?
Clustered servers use a clustered file system, such as VMFS, to enable failover.
98
Other ways to eliminate SPOFs in a VDC
1) Configure multiple copies of virtual disks and VM configuration files. 2) Implement server clustering. 3) Employ a fault tolerance mechanism whereby two VMs in a cluster access the same set of storage volumes. If one of the VMs fails, the other takes up the complete workload.
99
How to mitigate the effect of a local site failure
Implementation of a storage array at a remote site to replicate data
100
How to ensure continuous operation in the event of a disk failure
RAID configuration
101
How to enhance a storage array's accessibility
Configure multiple storage array ports
102
Mitigation of switch failure
Configure multiple fabrics
103
Mitigation of single HBA failure
Configure multiple HBAs
104
SPOFs in VDC Network Infrastructure
Network components - Virtual network
105
SPOFs in VDC Storage Infrastructure
Storage array and its components - Virtual disks
106
SPOFs in VDC Compute Infrastructure
Physical server and hypervisor - VM and guest OS
107
True or False: Restoring of data after an outage in a VDC is faster and more reliable, compared to a CDC.
TRUE
108
True or False: It is comparatively easier to maintain VM copies in diverse geographic locations, which makes the BC process robust.
TRUE
109
True or False: Different DR policies may be applied to different VMs, even if they are running on the same physical server.
TRUE
110
Six Advantages of Compute Virtualization in BC
1) Hardware independence 2) Cross platform compatibility 3) Mutual isolation 4) Encapsulation of complete computing environment 5) Relatively robust BC processes 6) Higher data availability
111
Included in BC technology for data protection
Backup and replication of data (similar to CDC environment).
112
BC planning should include what?
End-to-end protection of both physical and virtual resources at the compute, storage, and network layers.
113
Ensuring BC mainly involves what?
Redundancy of components at each layer (compute, storage, & network)
114
Backup option that is independent of the guest OS running on the VM.
Image-based backup
115
Cloud Challenges for the Provider
1) Service Warranty and Service Cost 2) Huge Numbers of Software to Manage 3) No Standard Cloud Access Interface
116
Cloud Challenges for the Consumer
1) Security and Regulation 2) Network Latency 3) Supportability 4) Interoperability
117
Key cost savings provided by cloud computing
Savings in: 1) Infrastructure costs 2) Management costs 3) Power and energy costs
118
Cloud deployment model where the cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns. Managed by organizations or by a third party.
Community Cloud
119
Advantage of a hybrid cloud approach
Allows a business to take advantage of the scalability and cost-effectiveness that a public Cloud Computing environment offers without exposing mission critical applications and data to third-party vulnerabilities.
120
Cloud deployment model where an organization consumes resources from both private and public Clouds.
Hybrid Cloud
121
Another name for an on-premise private cloud
Internal cloud
122
Two variations of the Private Cloud model
1) On-Premise Private Cloud 2) Externally-Hosted Private Cloud
123
Three Deployment Models of Cloud Computing
1) Private 2) Public 3) Hybrid
124
Software-as-a-Service solution for CRM applications
Salesforce.com
125
Software-as-a-Service solution for online backup
EMC Mozy
126
Advantages of SaaS
1) Reduces the need for infrastructure (because storage and compute powers can be provided remotely). 2) Reduces the need for manual updates (because SaaS providers can perform those tasks automatically).
127
Cloud model where billing is based on application usage.
Software-as-a-Service
128
Cloud model where application is accessible from various client devices (e.g., via a thin client interface such as a Web browser).
Software-as-a-Service
129
Complete stack including application is provided as a service.
Software-as-a-Service
130
Capability provided to the consumer to use a provider's applications running in a Cloud infrastructure.
Software-as-a-Service
131
PaaS example that provides diverse functionalities to build applications. Visual Studio and .Net are used to build applications. Build applications also in Java and PHP using Eclipse and other tools.
Microsoft Azure Platform
132
PaaS example that provides platform for consumers to deploy or create their own applications. Provides Java and Python environment to create and deploy application. Allows dynamic allocation of system resources for an application based on the actual demand.
Google App Engine
133
PaaS Examples
1) Google App Engine 2) Microsoft Azure Platform
134
Cloud model where consumer has control over deployed applications and possible application hosting environment configurations.
Platform-as-a-Service
135
Cloud model where consumer is billed for platform software components (OS, DB, middleware)
Platform-as-a-Service
136
Capability provided to the consumer to deploy consumer-created or acquired applications on the Cloud provider's infrastructure.
Platform-as-a-Service
137
Example of an IaaS model that provides resizable compute capacity on a pay-per-use basis.
Amazon Elastic Compute Cloud (EC2)
138
IaaS example that provides Storage as a service, Internet accessible, on demand service
EMC Atmos Online
139
IaaS Examples
1) Amazon Elastic Compute Cloud (EC2) 2) EMC Atmos Online
140
True or False: In an IaaS model, scaling and elasticity are the responsibilities of the consumer, not the provider.
TRUE
141
Pays for infrastructure components usage, for example, storage capacity, CPU usage, etc.
Infrastructure-as-a-Service (IaaS)
142
Enables consumers to deploy and run software, including OS and applications.
Infrastructure-as-a-Service (IaaS)
143
Provides capability to the consumer to hire infrastructure components such as servers, storage, and network.
Infrastructure-as-a-Service (IaaS)
144
Three Categories of Cloud Services
1) Infrastructure-as-a-Service (IaaS) 2) Platform-as-a-Service (PaaS) 3) Software-as-a-Service (SaaS)
145
Five Cloud Computing Benefits
1) Reduced IT Cost 2) Business Agility Support 3) Flexible Scaling 4) High Availability 5) Less Energy Consumption
146
Enable transforming capital expenditure (CAPEX) into 'pay as you use' operational cost.
Metered services
147
Provides billing and chargeback information for the Cloud resource used by the consumer.
Metered Service
148
Ability to scale IT resources rapidly, as required, to fulfill the changing needs without interruption of service.
Rapid Elasticity
149
Basis for dynamic assignment and reassignment of resources
Consumer demand
150
Pooled to serve multiple consumers
IT resources (compute, storage, network)
151
True or False: The consumer has no knowledge about the exact location of the resources provided.
TRUE
152
Enables accessing the services from anywhere across the globe.
Broad Network Access
153
Eliminates the need for accessing a particular client platform to access the services.
Broad Network Access
154
Client platforms from which cloud services are accessed.
Desktop computers - Laptops - Mobile phones - Thin Clients
155
Allows provisioning of resources using self-service interface.
On-Demand Self-Service
156
Enables consumers to leverage "ready to use" services or to choose required services from the service catalog.
On-Demand Self-Service
157
Enables consumers to get computing resources as and when required, without any human intervention.
On-Demand Self-Service
158
Five essential characteristics of Cloud Computing
1) On-Demand Self Service 2) Broad Network Access 3) Resource Pooling 4) Rapid Elasticity 5) Measured Service
159
A deployed SOA-based architecture provides what?
A set of services that can be used in multiple business domains.
160
Form of distributed computing which applies the resources of numerous computers in a network to work on a single complex task at the same time.
Grid Computing
161
Service provisioning model that offers computing resources as a metered service.
Utility Computing
162
Provides improved utilization of resources. Enables optimization of resources by oversubscription.
Virtualization
163
An architectural approach in which applications make use of services available IN the network. Each service provides a specific function, for example, business function (Payroll Tax Calculation).
Service Oriented Architecture (SOA)
164
Four technological foundations of Cloud Computing
1) Grid Computing 2) Utility Computing 3) Virtualization 4) Service Oriented Architecture (SOA)
165
What differentiates a virtualized data center (VDC) from a Cloud?
A Cloud service management layer on top of the VDC
166
Transforming VDC to Cloud requires what?
A Cloud service management layer on top of the Virtual Data Center (VDC)
167
Which is the Cloud deployment model that will be a suitable choice for a group of organizations with shared concerns? a. Private Cloud b. Hybrid Cloud c. Public Cloud d. Community Cloud
d. Community Cloud
168
Which is an example of software-as-a-service offering? a. Amazon Elastic Compute Cloud b. Google App Engine c. Microsoft Azure d. EMC Mozy
d. EMC Mozy
169
Which is an example of infrastructure-as-a-service offering? a. Amazon Elastic Compute Cloud b. Google App Engine c. Salesforce.com d. EMC Mozy
a. Amazon Elastic Compute Cloud
170
Which is an example of platform-as-a-service? a. EMC Atmos online b. Salesforce.com c. Google App engine d. EMC Mozy
c. Google App engine
171
Which resource may be hired in infrastructure-as-a-service model? a. OS b. Storage Space c. Middleware d. Database
b. Storage space
172
Formats report with header, footer, logo, and title, ensuring clear understanding of chargeback.
VMware vCenter Chargeback
173
Creates detailed reports on resources used and associated costs.
VMware vCenter Chargeback
174
Includes costs per VM based on actual usage of resources.
Utilization-based cost
175
Includes costs per VM such as the amount of memory, CPU, or storage allocated or reserved for VM.
Allocation-based cost
176
Includes CAPEX, OPEX, and administration costs.
Fixed Cost
177
Enables measurement of three different costs which may be combined to formulate chargeback.
VMware vCenter Chargeback
178
A Cloud service management tool which enables accurate cost measurement for providing services and reporting of resource usage.
VMware vCenter Chargeback
179
Automates several service management activities such as: CMDB population - Incident creation - Problem creation
VMware Service Manager
180
Enables cost calculation to provide Cloud services.
VMware Service Manager
181
Allows creation and publishing of service catalog.
VMware Service Manager
182
Service management tool that provides best practices for Cloud services management.
VMware Service Manager
183
Allows creating and publishing service offerings via a service catalog.
VMware vCloud Director
184
Allows creating and publishing service offerings via a service catalog.
VMware vCloud Director
185
Allows consumers to request for a service from a service catalog through a Web-based user interface.
VMware vCloud Director
186
Authenticates consumer identities before empowering consumers to request services.
VMware vCloud Director
187
Helps in Cloud user access management.
VMware vCloud Director
188
Enables configuring Vblock resources and activating services
EMC Ionix Unified Infrastructure Manager
189
Provides a dashboard showing Vblock infrastructure configuration and resource utilization. Helps plan for capacity requirements.
EMC Ionix Unified Infrastructure Manager
190
Provides a topology view of Vblock infrastructure. Enables locating interconnections of infrastructure components.
EMC Ionix Unified Infrastructure Manager
191
Provides an alerts console that lists alerts against adversely affected resources and services. Identifies services affected due to problems and root cause of the problems.
EMC Ionix Unified Infrastructure Manager
192
Performs compliance check during resource configuration
EMC Ionix Unified Infrastructure Manager
193
Prevents conflicting resource identity assignments (e.g., accidentally assigning a MAC address to more than one virtual NIC).
EMC Ionix Unified Infrastructure Manager
194
EMC's unified management solution for Vblocks
EMC Ionix Unified Infrastructure Manager
195
Provide integrated, preconfigured, and validated Cloud infrastructure in a box.
Vblocks
196
Pre-architected, pre-configured, pre-tested offerings which have defined performance and availability attributes.
Vblocks
197
Vblock coalition members
VMware - Cisco - EMC
198
Industry's first completely integrated Cloud infrastructure offering that includes compute, storage, network, and virtualization products.
Vblock
199
Automation examples
1) CMDB population 2) Incident and problem report creation 3) Analyzing and forecasting capacity requirements 4) Chargeback 5) Compliance enforcement
200
Benefits of Service Management Automation
1) Avoidance of human error. 2) Automatic auditing. 3) Reduced time and effort to manage services. 4) Reduced administration and service cost. 5) Avoidance of non-compliance penalties.
201
Examples of policies and regulations
Configuration best practices - Security rules - Infrastructure maintenance timeline - Backup schedule - Change control process
202
Examples of external legal requirements
Country-specific privacy laws - Location of consumer data - Data retention period
203
Fulfills compliance requirements while configuring Cloud infrastructure and provisioning Cloud services.
Compliance Management
204
Reviews compliance enforcement to identify and rectify any deviation from compliance requirement.
Compliance Management
205
Goal of Compliance Management
To ensure that Cloud services, service creation processes, and Cloud infrastructure resources comply with policies and legal requirements.
206
Financial Management Activity 4
Deploy tools necessary to collect information on resource usage, record the billing data, and generate the chargeback report per consumer. These tools are integrated with Cloud infrastructure management and service creation tools.
207
Financial Management Activity 3
For each billable unit, define a pricing strategy by choosing pricing options that will allow for recovery of costs identified in activity 1.
208
Financial Management Activity 2
Identify billable units of Cloud services, such as MHz or GHz (compute power), Mb/s or Gb/s (network bandwidth), MB or GB (storage space).
209
Financial Management Activity 1
Analyze and document all relevant costs, including all capital, operational, and administration costs.
210
Chargeback is based on what?
Resource usage by consumers
211
Plans IT budget for Cloud infrastructure and operation.
Financial Management
212
Determines price (chargeback) for Cloud services and ensures profitability.
Financial Management
213
Monitors and reports on allocation and utilization of resources by consumers.
Financial Management
214
Calculates cost (including CAPEX, OPEX, Administration cost) for providing a service.
Financial Management
215
Goal of Financial Management
To manage the Cloud service provider's budgeting, accounting, and charging requirements.
216
How is a service offering typically presented in a Service Catalog?
Using a list of attributes
217
Important Activity in Service Catalog Management
To represent Cloud services in a manner that clearly indicates the value of the services.
218
Common Attributes of a Service in a Service Catalog
Service Name - Description - Features and Options - Service and Support Expectations - Price - Provisioning Timeframe
219
Ensures clarity, completeness, and usefulness when describing service offerings in the Service Catalog.
Service Catalog Management
220
Evaluates and upgrades the Service Catalog continually to include new services and improvements in service offerings.
Service Catalog Management
221
Ensures that the information in the Service Catalog is accurate and up-to-date.
Service Catalog Management
222
Goal of Service Catalog Management
To ensure that a Service Catalog is created and maintained with accurate information on all the available Cloud services.
223
Monitors and compares the stated availability and achieved availability for a Cloud service.
Availability Management
224
Identifies areas where availability must be improved. Required to understand the reasons for a service failure. Gets input from Incident Management and Problem Management.
Availability Management
225
Designs and implements the procedures and technical features required to fulfill stated availability of a service.
Availability Management
226
Goal of Availability Management
To design, implement, measure, and improve Cloud services, ensuring stated availability commitments are consistently met.
227
Provides methods to reduce or eliminate the impact of a problem, if a complete solution is not available.
Problem Management
228
Analyzes the incident history and identifies the impending service failures. Identifies and solves errors before a problem occurs.
Problem Management
229
Documents problem history that includes problem detection to resolution information. Provides opportunity to learn lessons for future problem handling.
Problem Management
230
Identifies the root cause of a problem and initiates the most appropriate solution for the problems.
Problem Management
231
Goal of Problem Management
To prevent incidents that exhibit a common symptom, called the "Problem", from happening, and to minimize the adverse impact of the incidents that cannot be prevented.
232
Third Level Support
Hardware and software manufacturers
233
First level support
Service Desk
234
Prioritizes incidents based on their severity.
Incident Management
235
Corrects errors or failures to bring back Cloud services within targeted timeframe.
Incident Management
236
Documents incident history that includes incident detection to resolution information. Used as input for Problem Management.
Incident Management
237
Transfers error correction activity to Problem Management, if unable to determine the root cause of an incident.
Incident Management
238
Provides temporary solutions to return Cloud services, for example, migrating a service to another resource pool in same or different VDC.
Incident Management
239
Involves multiple support groups to solve incidents.
Incident Management
240
Goal of Incident Management
To return Cloud services to consumers as quickly as possible when unplanned events, called "incidents", cause interruption to services or degrade service qualities.
241
Analyzes performance statistics, and identifies resources and services that are performing below the expected level.
Performance Management
242
Implements changes in resource configuration to improve performance of the resources and consequently cloud services.
Performance Management
243
Determines the required capacity of Cloud infrastructure resources and services to meet the expected performance level.
Performance Management
244
Works with Capacity Management to implement capacity changes.
Performance Management
245
Monitors and measures performance of Cloud Infrastructure resources and services.
Performance Management
246
Goal of Performance Management
To monitor, measure, analyze, and improve the performance of Cloud infrastructure and services.
247
Optimizes utilization of IT resources.
Capacity Management
248
Adds capacity or reclaims excess capacity to/from VMs based on utilization of VMs.
Capacity Management
249
Analyzes capacity consumption trends and plans for future capacity requirements.
Capacity Management
250
Forecasts timing of potential capacity shortfalls.
Capacity Management
251
Plans for procurement and provisioning of capacity when needed.
Capacity Management
252
Identifies over-utilized, under-utilized, and un-utilized resources.
Capacity Management
253
Monitors and analyzes utilization of Cloud infrastructure resources.
Capacity Management
254
Goal of Capacity Management
To ensure that Cloud Infrastructure is able to meet the required capacity demands for Cloud services in a cost effective and timely manner.
255
Checks veracity of information about CIs periodically to ensure that the information in the CMDB is a representation of the CIs used to provide Cloud services.
Service Asset and Configuration Management
256
Updates CMDB when new CIs are deployed or when attributes of CIs change.
Service Asset and Configuration Management
257
CMDB
Configuration Management Database
258
Used by all Cloud service management processes to handle problems and changes in Cloud infrastructure and services.
Configuration Management Database (CMDB)
259
Maintains information about CIs in one or more federated databases called Configuration Management Database (CMDB).
Service Asset and Configuration Management
260
Helps identify the root cause of a problem and assess the impact of any change in the relationship among CIs.
Service Asset and Configuration Management
261
Maintains information on inter-relationships among CIs (e.g., a service to its consumer, a VM to a service).
Service Asset and Configuration Management
262
Keeps information on used and available capacity of CIs and any issues linked to CIs.
Service Asset and Configuration Management
263
Maintains information on attributes of Cloud Infrastructure resources (i.e., CI name, manufacturer name, serial number, version).
Service Asset and Configuration Management
264
Configuration Items (CIs)
Attributes of Cloud services and Cloud Infrastructure resources
265
Goal of Service Asset and Configuration Management
To maintain information on Configuration Items (CIs) and their relationship.
266
9 Processes in Cloud Service Management
1) Service Asset and Configuration Management 2) Capacity Management 3) Performance Management 4) Incident Management 5) Problem Management 6) Availability Management 7) Service Catalog Management 8) Financial Management 9) Compliance Management
267
Processes that work in the background to ensure all services perform as committed.
Cloud Service Management Processes
268
To what do service management processes align delivery of Cloud services?
1) To an organization's business objectives. 2) To the expectation of Cloud service consumers.
269
Set of processes that enable and optimize Cloud services in order to satisfy business requirements and provide value to consumers.
Cloud Service Management
270
Provides transparency between a consumer and a provider.
Chargeback report
271
Generates chargeback report, visible to consumers.
User Access Management Software
272
Monitors allocation or usage of resources associated with each Cloud service instance.
User Access Management Software
273
Authenticates consumers before fulfilling their service requests.
User Access Management Software
274
Allows an administrator to create and publish a service catalog.
User Access Management Software
275
Interacts with unified management software and forwards all service requests.
User Access Management Software
276
Provides a web-based user interface to consumers and allows consumers to request Cloud services.
User Access Management Software
277
What do service instances obtain from appropriate bundles?
Compute, network, and storage capacity
278
Service instances get resources based on what?
Predefined service attributes
279
How is a service instance created?
VMs are constructed and integrated with virtual network (VLAN) and virtual volume (virtual disk).
280
Process of creating service instances and allocating resources from bundles to service instances, when consumers request services.
Distributing resources
281
Elements of a backup policy
Number of backup copies of a service instance. Location of backup data.
282
Service attributes
CPU, memory, network bandwidth, and storage capacity; name and description of applications and platform software; VDC location from where resources are to be allocated; backup policy
283
Service attributes are associated with what?
Virtual Machines
284
Process of documenting attributes of all Cloud services that are to be created from different bundles.
Defining services
285
True or False: A bundle may be associated with application and/or platform software used to create an IaaS Cloud service.
False. A bundle may be associated with application and/or platform software used to create Cloud services OTHER THAN Infrastructure-as-a-Service (IaaS). (So true, except for IaaS services).
286
Process of integrating a graded compute pool (CPU + memory) with a graded network pool and a graded storage pool.
Bundling resources
287
Example of 'Bronze' Grade Storage Pool
Includes FC drives; no automated storage tiering; capacity 2TB; RAID level 5
288
Example of Grade 'Gold' Storage Pool
Includes Flash, FC, and SATA drives; supports automated storage tiering; capacity 3TB (Flash 1TB, FC 1TB, SATA 1TB); RAID level 5
289
Example of Grade 'Silver' Storage Pool
Includes Flash, FC, and SATA drives; supports automated storage tiering; capacity 3TB (Flash 0.5TB, FC 1TB, SATA 1.5TB); RAID level 1+0
290
Used to create a VARIETY of Cloud services
Graded Pools
291
Defines multiple grade levels (e.g., Bronze, Silver, Gold) for each type of pool (compute, storage, network).
Grading resources
292
Process to categorize pools based on performance and capacity.
Grading resources
293
Key function of a unified management software
To create Cloud services
294
Four series of processes used by Unified Management Software to construct Cloud services
1) Grading resources 2) Bundling resources 3) Defining resources 4) Distributing resources
295
Performs a series of processes to construct Cloud services
Unified Management Software
296
Creates Cloud services
Unified Management Software
297
Sends configuration commands to respective virtual infrastructure management software. Eliminates SEPARATE administration of compute, storage, and network.
Unified Management Software
298
Provides a single interface to: 1) Create virtual resources and pools. 2) Add capacity and identity to existing pools.
Unified Management Software
299
Provides a consolidated view of existing physical and virtual infrastructure across VDCs. Helps in monitoring performance, capacity, and availability of resources.
Unified Management Software
300
Software that interacts with the virtual infrastructure management software and user access management software.
Unified Management Software
301
True or False: In a VDC, typically, compute, storage, and network resources (within physical and virtual infrastructure) are configured INDEPENDENTLY using a different virtual infrastructure management software.
TRUE
302
Type of Virtual Infrastructure Management Software used to: 1) Create CPU and memory pool. 2) Create Virtual Machines (VMs) and allocate them CPU, memory and storage capacity.
Compute management software
303
Network management software
Type of Virtual Infrastructure Management Software used to: 1) Create VLAN ID and VSAN ID pools. 2) Assign VLAN IDs and VSAN IDs to virtual and physical switch ports. 3) Create zone sets and include nodes into zones. 4) Create network bandwidth pool and allocate bandwidth to VLANs associated with VM port groups.
304
Type of Virtual Infrastructure Management Software used to: 1) Create storage pools. 2) Create virtual volumes. 3) Assign virtual volumes to servers.
Storage management software
305
Virtual Infrastructure Management Software
Provides interfaces to construct virtual infrastructure from underlying physical infrastructure. Enables configuring pools and virtual resources. A discrete tool to configure compute, storage, and network resources independently. Sits under and talks to the Unified Management software.
306
Interact among themselves to automate provisioning of Cloud services
Cloud Infrastructure Management and Service Creation Tools
307
Three classifications of Cloud Infrastructure Management and Service Creation Tools
1) Virtual infrastructure management software (bottom layer) 2) Unified management software (middle layer) 3) User access management software (top layer)
308
Suite of tools that: 1) Manage physical and virtual infrastructures. 2) Handle service requests and provision Cloud services. 3) Provide administrators a single management interface to manage resources across VDCs.
Cloud Infrastructure Management and Service Creation Tools
309
For which service do consumers upload both applications and platform software to the Cloud?
Infrastructure-as-a-Service
310
For what service is platform software only provided by the CSP?
Platform-as-a-Service
311
For which service are applications and platform software provided by the CSPs?
Software-as-a-Service
312
Used to deploy a consumer's applications and platform software to the Cloud
Migration Tools
313
What services are created from Applications and Platform Software?
Software-as-a-Service (SaaS) - Platform-as-a-Service (PaaS)
314
Where are applications and platform software hosted?
On virtual machines
315
Used to build environments for applications to run in.
Platform software such as OS and database
316
Suite of software that may include: 1) Business applications 2) Platform software such as OS and database 3) Migration tools
Applications and Platform Software
317
From what do virtual IT resources gain capacities such as CPU cycles, memory, network bandwidth, and storage space?
From the resource pools
318
How are virtual networks defined?
Using network identifiers such as VLAN IDs and VSAN IDs from the respective identity pools.
319
Types of Virtual IT Resources
Virtual Machines (VMs) - Virtual Volumes - Virtual Networks (VLAN and VSAN) - VM Network Components (virtual switches and virtual NICs)
320
Types of Identity Pools
VLAN ID Identity Pools - VSAN ID Identity Pools - MAC Address Identity Pools
321
Type of Resource Pools
CPU Resource Pools - Memory Resource Pools - Network Bandwidth Resource Pools - Storage Resource Pools
322
Three Primary Components of Virtual Infrastructure
1) Resource Pools 2) Identity Pools 3) Virtual IT Resources
323
Enables both migration of Cloud services across data centers and provisioning Cloud services using resources from multiple data centers.
Physical Infrastructure
324
Four types of physical networks
1) IP Network 2) FC SAN 3) IP SAN 4) FCoE
325
True or False: Physical resources may be located in a single data center or distributed across multiple data centers.
TRUE
326
Included in physical infrastructure
Physical IT resources including: Physical Servers - Storage Systems - Physical Network Components
327
Cloud infrastructure framework components are aggregated to provide what?
Cloud services
328
Four Components of the Cloud Infrastructure Framework
1) Physical Infrastructure 2) Virtual Infrastructure 3) Applications and Platform Software 4) Cloud Infrastructure Management and Service Creation Tools
329
Which functionality is offered by unified management software in the Cloud? a. Provides consolidated view of existing physical and virtual infrastructure across data centers. b. Create VMs and allocate them CPU, memory and storage capacity.
a. Provides consolidated view of existing physical and virtual infrastructure across data centers.
330
Which Cloud service management process is responsible for optimizing utilization of IT resources? a. Service asset and configuration management b. Financial management c. Compliance management d. Capacity management
d. Capacity management
331
Which is a key activity in problem management? a. Rectifying error to return Cloud services as quickly as possible. b. Analyzing incident history to identify impending service failures. c. Checking veracity of problem records in CMDB.
b. Analyzing incident history to identify impending service failures.
332
Which option best describes 'resource bundling' in Cloud service creation? b. Integrating VM, virtual network and virtual volume. c. Bundling graded compute, network, and application services. d. Integrating graded compute, network, and storage pools.
d. Integrating graded compute, network, and storage pools.
333
Which is a component of virtual infrastructure in a Cloud? a. Management software b. Storage array c. Network identity pool d. Service catalog
c. Network identity pool
334
Second Level Support
Technical Support Group
335
Improves VM performance by offloading file scanning and other tasks from VMs to the security VM.
VMware vShield Endpoint
336
VMware vShield Endpoint
Comprises a hardened, special security VM that hosts the third-party anti-virus software. File scanning and other tasks are offloaded from VMs to the security VM. Antivirus engine and signature files are updated ONLY within the security VM. Prevents antivirus storms and bottlenecks associated with multiple simultaneous antivirus and anti-malware scans and updates.
337
Enables enforcement of a policy restricting traffic within a VDC to specified port groups at the hypervisor level.
Port Group Isolation
338
VMware vShield Edge
Deployed as a virtual appliance and serves as a network security gateway. Provides network security services including firewall and site-to-site VPN. Eliminates the need for creating VLANs by creating a barrier between the protected VMs and external network. Simplifies IT compliance with detailed logging.
339
VMware vShield App
Protects applications in a VDC environment from network-based threats. Provides visibility into network communications and enforces granular policies with security groups. Serves as hypervisor level firewall solution. Inbound/outbound connection control enforced at the virtual NIC level.
340
RSA Archer eGRC
Supports business-level management of governance, risk, and compliance. Provides automated deployment workflow, configuration measurement, incident notification, and reporting. Provides single business view of compliance for both physical and virtual infrastructure.
341
Provides two-factor authentication. Provides one-time-password capability.
RSA SecurID
342
Preferred Cloud model for many enterprises so they can ensure all the necessary policy compliances.
Hybrid Cloud Deployment Model
343
Includes legal legislation and industry regulations. Controls the nature of IT operations related to flow of data out of an organization. May differ based upon the type of information, business, etc.
External Regulatory Compliance
344
Controls the nature of IT operations within an organization. Needs to maintain some compliance even when operating in Cloud.
Internal Policy Compliance
345
Types of compliance
1) Internal policy compliance 2) External regulatory compliance
346
4 Steps to perform Risk Assessment
1) Identifying critical and sensitive assets (data, applications, and processes). 2) Identifying potential risks. 3) Classifying risks into severity levels. 4) Associating potential risks with critical assets.
347
Aims to identify potential risks while operating in a Cloud environment. Should be performed before moving to a Cloud. Used to determine the actual scope for Cloud adoption.
Risk Assessment
348
Regulation that mandates vulnerability scanning in a public Cloud
Payment Card Industry (PCI) compliance
349
Generally forbidden in a public Cloud due to multitenancy concerns.
Vulnerability scanning
350
Aims to discover potential security vulnerabilities in the system by scanning its resources (compute, storage, and network).
Vulnerability assessment or testing
351
Key contract termination considerations for a Cloud user
1) Developing a contingency plan for handling data. 2) Migrating the data, including time to migrate the data. 3) Shredding the data on the Cloud after its migration.
352
Situations where a contract termination is required
1) The CSP goes out of business and winds up its services. 2) The CSP cancels the contract. 3) There is a natural closure for the contracted services.
353
An Information Security Management System standard that formally specifies requirements to bring information security under explicit management control.
ISO 27001
354
Among various Cloud deployment models, offers the maximum information flow regulation.
Private Clouds
355
May limit adoption of public Clouds for applications handling sensitive data.
Information (data) flow regulations
356
Could constrain the flow of information in the Cloud.
National and international regulations
357
Allows a business to build an efficient, collaborative enterprise governance, risk and compliance (eGRC) program across IT, Finance, Operations, and Legal domains.
Enterprise GRC (eGRC) solution
358
Refers to the policies, processes, laws, and institutions that define the structure by which companies are directed and managed.
Governance
359
A coordinated activity to direct and control an organization, and to realize business potential while managing negative events.
Risk Management
360
Refers to the effect of uncertainty on business objectives.
Risk
361
Refers to the act of adhering to and demonstrating adherence to external laws and regulations as well as corporate policies and procedures.
Compliance
362
Includes identification of critical assets, potential risks, and the classification of critical assets into risk categories.
Risk assessment
363
Process of managing the trust relationships among distinct organizations beyond the internal network or administrative boundaries.
Federated Identity Management
364
Association of organizations that come together to exchange information about their users and resources to enable collaborations and transactions.
Federation
365
Open standard for decentralized authentication and access control. Can be used while allowing users to log onto many services using the same digital identity.
OpenID
366
Three methods for Identity Management (IM) in the Cloud
1) One-time passwords 2) Federated Identity Management 3) OpenID
367
Enables organizations to authenticate their users of Cloud services using the chosen identity provider. Allows user identities across different organizations to be managed together to enable collaboration in the Cloud.
Federated Identity Management
368
True or False: User groups can be imported using LDAP-based directory services of the client organization for client installations in the Cloud.
TRUE
369
True or False: CSPs may also use RBAC to control administrative access to the hypervisor management system (console).
TRUE
370
Can be enabled for Cloud clients by importing user groups using directory services of the client organization.
Role Based Access Control (RBAC)
371
RBAC
Role Based Access Control
372
Resource access (permissions) is given to subjects (users and processes) based upon their roles.
Role Based Access Control
373
True or False: MAC/WWPN binding and VLAN restrictions should be applied to physical Ethernet switches.
TRUE
374
Restricted Port Access Practices
1) Leave unused ports in disabled state. 2) Bind specific devices to designated ports.
375
Methods for physical security in the VDC and Cloud
1) Restricted Port Access 2) CCTV-based Video Surveillance 3) 24/7/365 Onsite Guarded Security 4) Biometric Authentication-based Physical Access
376
Critical feature for data security in a Cloud infrastructure
Data shredding
377
Permanently removes all the traces of the deleted data.
Data shredding
378
Traces of deleted data include what items
Logs of VM or application executions. Logs of old files, folders, and other resources. Logs of data communication.
379
Key method to encrypt data-at-rest residing on a disk.
Full disk encryption
380
Advantages of encryption of data-at-rest
1) Provides confidentiality and integrity services. 2) Reduces legal liabilities of a CSP due to an unauthorized disclosure of data on the CSP's cloud.
381
Data which is not being transferred over a network.
Data-at-rest
382
Security protection for the storage utilized by the hypervisor for VMs
Using separate LUNs for VM components and for VM data. Segregating VM traffic from hypervisor storage and management traffic.
383
Used to restrict access to the storage arrays in a SAN
WWPN and WWNN LUN masking
384
More centralized location for Intrusion Detection on a single server
ID at the hypervisor level
385
A network DMZ established in a virtualized environment using virtual network infrastructure.
Virtualized DMZ
386
Adds additional layer of security against external attacks.
Physical or logical (virtualized) DMZ
387
Gives visibility and control over VM traffic and enforces policies at the VM level.
Virtual firewall
388
Firewall service running on the hypervisor.
Virtual Firewall (VF)
389
Vulnerable applications should be prevented from what?
1) Launching any (untrusted) executable file. 2) Creating or modifying executable files. 3) Modifying sensitive areas of the guest OS (e.g., the Windows registry).
390
Used for separating the execution of an untrusted application from unverified third-parties, suppliers, and untrusted users.
Sandbox
391
Provides a tightly controlled set of resources for the application to execute, such as scratch space on disk and memory.
Sandbox
392
Helps prevent a compromised guest OS and applications running on it from impacting other VMs.
VM Isolation
393
Security mechanisms to protect storage
Access Control - Zoning and LUN Masking for SAN security - Encryption of data-at-rest - Data shredding - Security for storage utilized by the hypervisor itself (for example, a VMFS supporting multiple VMs within a cluster): use separate LUNs for VM components and VM data; segregate VM traffic from hypervisor storage and management traffic.
394
SAN security vulnerabilities
Fabric access to an unauthorized device. WWN Spoofing.
395
Who provides intrusion detection in Cloud in an IaaS model?
Intrusion detection is set up by the client.
396
Who provides intrusion detection in Cloud in a PaaS model?
Intrusion detection at local level provided by the Cloud Service Provider
397
Who provides intrusion detection in Cloud in a SaaS model?
Provided by the Cloud Service Provider (CSP)
398
Where Intrusion Detection (ID) can occur in a VDC environment
At guest OS level; Using separate VM; At hypervisor level; At virtual network level; At physical network level
399
IDS type that is a combination of server and network-based approaches
Integrated IDS
400
IDS type that: 1) Analyzes network traffic and communicating nodes. 2) Has a poorer view of the system and low vulnerability to an attack on the IDS itself.
Network based IDS