Which of the following methods can cloud providers implement to provide high availability?

A computer network consisting of virtual and physical devices.

A virtual LAN running on top of a physical LAN.

Virtual private network (VPN)

A secure tunnel to another network that connects multiple remote end-points.

A virtual computer that functions like a physical computer.

Software that facilitates the communication between virtual machines by checking data packets before moving them to a destination.

Software that replicates the functionality of a physical router.

Virtual firewall appliance (vFA)

Software that functions as a network firewall device. A virtual firewall appliance provides packet filtering and monitoring functions.

Virtual machine monitor (VMM)/hypervisor

Software, firmware, or hardware that creates and runs virtual machines.

Virtual machines support an unlimited number of virtual networks.

Also be aware that an unlimited number of virtual machines can be connected to a virtual network.

Be aware of the following regarding VMware solutions.

VMware introduced the first x86 server virtualization products in 2001, making it a virtualization pioneer.

VMware desktop software runs on Microsoft Windows, Linux, and macOS, while its enterprise software hypervisor for servers, VMware ESXi, is a bare-metal hypervisor that runs directly on server hardware without requiring an additional underlying operating system.

ESXi is primarily used for data center virtualization.

Microsoft solutions include:

Hyper-V Network Virtualization that provides virtual networks to virtual machines. This is similar to how server virtualization (hypervisor) provides virtual machines to the operating system. Hyper-V Network Virtualization has high scalability, with capacity for over 1,000 virtual machines per host.

Microsoft Azure that provides network virtualization in the cloud.

Citrix virtualization solutions:

Provide a virtualization solution called XenServer, also referred to as Citrix Hypervisor.

Support the widest range of graphics applications.

Support Intel GVT-g GPU virtualization, a CPU-embedded GPU requiring no additional hardware.

Virtual Local Area Network (VLAN)

Several physical LANs can function as a single logical LAN, or the partitioned network can be on a single router.

Virtual Area Network (VAN)

This is a virtual LAN running on top of a physical LAN. This configuration enables guest virtual machines on separate physical hosts to communicate.

Virtual Private Network (VPN)

A VPN is usually used as a secure tunnel over another network, connecting multiple remote end-points, such as routers. A multipoint VPN is a VPN connecting more than two end-points.

VMs are virtual computers that function like a physical computer. Virtual servers are virtual machines capable of providing services such as databases, email, domains, and applications. The traffic between virtual machines can be routed using virtual switches alongside virtual routers and virtual firewalls for network segmentation and data isolation.

Software that facilitates the communication between virtual machines by checking data packets before moving them to a destination. A vSwitch may be a part of software installed in the virtual machine or it may be part of the server firmware.

A software function that replicates the functionality of a physical router. Because virtual routing liberates the IP routing function from specific hardware, you can more freely move routing functions around a network.

Virtual firewall appliance (VFA)

Software that functions as a network firewall device that provides the usual packet filtering and monitoring. The VFA can run as a traditional software firewall on a virtual machine.

Virtual machine monitor/hypervisor (VMM/hypervisor)

Software, firmware, or hardware that creates and runs virtual machines. A computer on which a hypervisor runs to provide one or more virtual machines is called a host machine. Each virtual machine is called a guest machine. The hypervisor provides the guest operating systems with a virtual operating platform and manages the execution of the guest operating systems.

Which of the following provides the network virtualization solution called XenServer?

Which of the following is a network virtualization solution provided by Microsoft?

What is the limit of virtual machines that can be connected to a virtual network?

Unlimited

You are an application developer. You use a hypervisor with multiple virtual machines installed to test your applications on various operating systems' versions and editions.

Currently, all of your virtual machines used for testing are connected to the production network through the hypervisor's network interface. However, you are concerned that the latest application you are working on could adversely impact other network hosts if errors exist in the code.

To prevent issues, you decide to isolate the virtual machines from the production network. However, they still need to be able to communicate directly with each other.

What should you do? (Select two. Both responses are part of the complete solution.)

Create a new virtual switch configured for host-only (internal) networking.

Connect the virtual network interfaces in the virtual machines to the virtual switch.

Which of the following statements about virtual networks is true? (Select two.)

A virtual network is dependent on the configuration and physical hardware of the host operating system.

Multiple virtual networks can be associated with a single physical network adapter.

Which of the following devices facilitates communication between different virtual machines by checking data packets before moving them to a destination?

What is a virtual LAN that runs on top of a physical LAN called?

Which of the following virtual devices provides packet filtering and monitoring?

A VFA is a virtual firewall appliance. This is software that functions as a network firewall device that provides the usual packet filtering and monitoring. A VFA can run as a traditional software firewall on a virtual machine.

Which of the following is an example of protocol-based network virtualization?

VLANs and VPNs are two examples of protocol-based network virtualization.

Which of the following is used as a secure tunnel to connect two networks?

A virtual private network (VPN) is usually used as a secure tunnel over another network, connecting multiple remote endpoints (such as routers). A multipoint VPN is a VPN connecting more than two endpoints.

Software-defined networking

An architecture that allows network and security professionals to manage, control, and make changes to a network.

The Application layer communicates with the Control layer through what is called the northbound interface. These are sometimes called northbound APIs.

The Control layer receives its requests from the Application layer and then provides the Physical layer with its configuration and instructions.

The Physical layer, also known as the Infrastructure layer, communicates to the Control layer through the southbound interface. The individual networking devices use southbound APIs to communicate with the control plane and vice versa. Even though this layer is called the Physical layer, it is where both physical and virtual network devices sit.

Which of the following is an advantage of software-defined networking (SDN)?

Which of the following BEST describes the Application SDN layer?

Communicates with the Control layer through the northbound interface.

Which SDN layer would a load balancer that stops and starts VMs as resource use increases reside on?

Applications reside on the Application layer. A load balancer that stops and starts VMs as resource use increases is an example of an application that would reside on this layer.

Software defined networking (SDN) uses a controller to manage devices. The controller is able to inventory hardware components on the network, gather network statistics, make routing decisions based on gathered data, and facilitate communication between devices from different vendors. It can also be used to make widespread configuration changes on just one device.

The SDN controller is software.

This layer receives its requests from the Application layer.

This layer is also known as the Infrastructure layer.

This layer communicates with the Control layer through what is called the northbound interface.

This layer provides the Physical layer with configuration and instructions.

On this layer, individual networking devices use southbound APIs to communicate with the control plane.

Which of the following does the Application layer use to communicate with the Control layer?

Which of the following BEST describes the Physical SDN layer?

Also known as the Infrastructure layer.

Network engineers have the option of using software to configure and control the network rather than relying on individual static configuration files that are located on each network device.

Which of the following is a relatively new technology that allows network and security professionals to use software to manage, control, and make changes to a network?

Software-defined networking (SDN)

Which APIs do individual networking devices use to communicate with the control plane from the Physical layer?

Individual networking devices on the Physical layer use southbound APIs to communicate with the control plane and vice versa.

Which of the following is a disadvantage of software defined networking (SDN)?

A metaphor for the internet.

Software, data access, computation, and storage services provided to clients through the internet.

Platforms, applications, storage, or other resources that are made available to the general public by a cloud service provider.

Platforms, applications, storage, or other resources that are made available to a single organization.

Platforms, applications, storage, or other resources that are shared by several organizations.

A combination of public, private, and community cloud resources from different service providers.

A public cloud can be accessed by anyone. Cloud-based computing resources, such as platforms, applications, storage, or other resources, are made available to the general public by a cloud service provider. The service provider may or may not require a fee for using these resources. For example, Google provides many publicly-accessible cloud applications, such as Gmail and Google Docs.

A private cloud provides resources to a single organization. Access is restricted to the users within the organization. Private clouds can be hosted internally. Because of the expense and expertise required to implement them, private clouds are typically hosted externally, by a third party. An organization commonly enters into an agreement with a cloud service provider, which provides secure access to cloud-based resources. The organization's data is kept separate and secure from any other organization using the same service provider.

A community cloud is designed to be shared by several organizations. Access is restricted to users within the organizations who are sharing the community cloud infrastructure. Community clouds can be hosted internally or on-premise, with each organization sharing the cost of implementation and maintenance. Because of the expense and expertise required, community clouds are commonly hosted externally, by a third party.

A hybrid cloud is composed of a combination of public, private, and community cloud resources from different service providers. The goal behind a hybrid cloud is to expand the functionality of a given cloud service by integrating it with other cloud services.

Infrastructure as a Service (IaaS)

IaaS delivers infrastructure to the client, such as processing, storage, networks, and virtualized environments. The client deploys and runs software without purchasing servers, data center space, or network equipment.

Platform as a Service (PaaS)

PaaS delivers everything a developer needs to build an application. The deployment comes without the cost and complexity of buying and managing the underlying hardware and software layers.

Software as a Service (SaaS)

SaaS delivers software applications to the client over the internet or on a local area network. SaaS comes in two implementation types:

Simple multi-tenancy in which each customer has its own resources that are segregated from other customers.

Fine grain multi-tenancy segregates customers, but resources are shared.

Security as a Service (SECaaS)

SECaaS providers integrate their services into a corporate infrastructure. The applications and software are specific to organizational security. SECaaS is based on the Software-as-a-Service cloud computing model, but is limited to information security services and does not require on-premises hardware. These security services can include authentication, anti-virus, anti-malware, spyware, intrusion detection, penetration testing, and security event management.

SECaaS can sometimes be much more cost effective for an organization than having to pay for all the necessary equipment and personnel to properly protect a network from viruses, malware, and intrusion. However, it is still necessary to have an on-site security professional.

Which of the following BEST describes the Platform as a Service (PaaS) cloud computing service model?

PaaS delivers everything a developer needs to build an application on the cloud infrastructure.

Which of the following cloud computing solutions delivers software applications to a client either over the internet or on a local area network?

Software as a Service (SaaS) delivers software applications to the client either over the internet or on a local area network (LAN).

You are the security administrator for your organization. You have implemented a cloud service to provide features such as authentication, anti-malware, intrusion detection, and penetration testing.

Which cloud service have you most likely implemented?

Security as a Service (SECaaS) providers integrate their services into a corporate infrastructure. The applications and software are specific to organizational security. SECaaS is based on the Software as a Service (SaaS) cloud computing model. However, it is limited to information security services and does not require on-premises hardware. These security services can include authentication, antivirus, anti-malware, spyware, intrusion detection, penetration testing, and security event management.

The IT manager has tasked you with installing new physical machines. These computer systems are barebone systems that simply establish a remote connection to the data center to run the user's virtualized desktop.

Which type of deployment model is being used?

This type of deployment is often referred to as a thin client deployment. This deployment utilizes virtual desktop infrastructure (VDI) to virtualize a user's desktop. The client machine is essentially only used to connect to the high-end machines in the data center.

Which of the following are true concerning virtual desktop infrastructure (VDI)? (Select two.)

User desktop environments are centrally hosted on servers instead of on individual desktop systems.

In the event of a widespread malware infection, the administrator can quickly reimage all user desktops on a few central servers.

Google Cloud, Amazon Web Services (AWS), and Microsoft Azure are some of the most widely used cloud storage solutions for enterprises. Which of the following factors prompt companies to take advantage of cloud storage? (Select two.)

Need to bring costs down

Growing demand for storage

Which of the following cloud storage access services acts as a gatekeeper, extending an organization's security policies into the cloud storage infrastructure?

A cloud-access security broker (CASB) may act as a gatekeeper, extending an organization's security policies into the cloud storage infrastructure. A CASB focuses on the visibility of company data, regulation compliance, user access, and data security through encryption and loss prevention.

Cloud storage is a virtual service, so the infrastructure is the responsibility of the storage provider. Access control should be set as a local file system would be, with no need for the provider to have access to the stored data.

You are implementing the following measures to secure your cloud storage:

Verify that security controls are the same as in a physical data center.

Use data classification policies.

Assign information into categories that determine storage, handling, and access requirements.

Assign information classification based on information sensitivity and criticality.

Which of the following is another security measure you can implement?

Dispose of data when it is no longer needed by using specialized tools.

Which of the following tools allows the user to set security rules for an instance of an application that interacts with one organization and different security rules for an instance of the application when interacting with another organization?

What is the system that connects application repositories, systems, and IT environments in a way that allows access and exchange of data over a network by multiple devices and locations called?

Which of the following methods can cloud providers implement to provide high availability?

Which formula is used to determine a cloud provider's availability percentage?

Which type of firewall operates at Layer 7 of the OSI model?

Which of the following can provide the most specific protection and monitoring capabilities?

Cloud-access security broker

What is the on-premises, cloud-based software tool that sits between an organization and a cloud service provider called?

Cloud-access security broker

Which of the following is a network device that is deployed in the cloud to protect against unwanted access to a private network?

Which of the following is a network security service that filters malware from user-side internet connections using different techniques?

Which type of firewall protects against packets coming from certain IP addresses?

Your organization recently purchased 18 iPad tablets for use by the organization's management team. These devices have iOS pre-installed on them.

To increase the security of these devices, you want to apply a default set of security-related configuration settings.

What is the BEST approach to take to accomplish this?

Enroll the devices in a mobile device management (MDM) system.

Configure and apply security policy settings in a mobile device management (MDM) system.

Which security weakness is the MOST likely cause of the security breach?

Geotagging was enabled on her smartphone.

Which of the following mobile device security considerations disables the ability to use the device after a short period of inactivity?

Your organization recently purchased 20 Android tablets for use by the organization's management team.

To increase the security of these devices, you want to ensure that only specific apps can be installed. Which of the following would you implement?

A smartphone was lost at the airport. There is no way to recover the device. Which of the following ensures data confidentiality on the device?

Which of the following is the recommended Intune configuration?

Which of the following is a solution that pushes security policies directly to mobile devices over a network connection?

Mobile device management (MDM)

The IT manager has tasked you with configuring Intune. You have enrolled the devices and now need to set up the Intune policies.

Where would you go to set up the Intune policies?

In the Admin portal, select Policy > Add Policy.

Which of the following Intune portals is used by end users to manage their own account and enroll devices?

Your organization recently purchased 20 Android tablets for use by the organization's management team.

You are using a Windows domain. Which of the following should you use to push security settings to the devices?

Which of the following mobile device management (MDM) solutions is hardware-agnostic and supports many different brands of mobile devices?

Enterprise mobility management (EMM) is the combination of MDM and MAM solutions in one package. EMM solutions are able to manage multiple brands and types of mobile devices in a single package.

Mobile application management (MAM) provides the ability to do which of the following?

Remotely install and uninstall apps.

What is the minimum number of users needed in a Windows Enterprise agreement for Intune to be included?

Intune is included with any Windows Enterprise agreement of at least 500 users and supports all types of devices.

Mobile device management (MDM) provides the ability to do which of the following?

Which of the following mobile device management (MDM) solutions allows an organization to manage all devices, including printers, workstations, and even IoT devices?

Unified endpoint management (UEM) is the next step in device management. These solutions provide a single point for all types of devices. This includes workstations, printers, mobile devices, IoT devices, and wearable devices.

Which of the following is the first phase of the Microsoft Intune application life cycle?

The first phase of the Microsoft Intune application life cycle is to add the apps that are to be managed and assigned in Intune.

Deploy is the second phase.

Configure is the third phase.

Protect is the fourth phase.

Which of the following app deployment and update methods can be configured to make available to specific users and groups only the apps that they have rights to access?

In which phase of the Microsoft Intune application life cycle would you assign an app to users and/or devices you manage and monitor them on the Azure portal?

Which of the following app deployment and update methods allows updates to be uploaded onto Intune where they can be pushed out to users within 24 hours?

Which of the following app deployment and update methods allows an administrator to remove apps and clear all data from a device without affecting the device itself?

With remote management, when an employee leaves an organization, an administrator can remotely remove apps and clear all data from a device without affecting the device itself.

Which of the following is a policy that defines appropriate and inappropriate usage of company resources, assets, and communications?

Acceptable use policy (AUP)

Which of the following defines an acceptable use agreement?

An agreement that identifies employees' rights to use company property, such as internet access and computer equipment, for personal use.

Your organization allows employees to bring their own devices into work, but management is concerned that a malicious internal user could use a mobile device to conduct an insider attack.

Which of the following should be implemented to help mitigate this threat?

Implement an AUP that specifies where and when mobile devices can be possessed within the organization.

Which of the following could be an example of a malicious insider attack?

A user uses the built-in microphone to record conversations.

Which device deployment model gives businesses significant control over device security while allowing employees to use their devices to access both corporate and personal data?

The Corporate-Owned, Personally Enabled (COPE) model gives businesses significant control over device security while allowing employees to use their devices to access both corporate and personal data. Because the company owns the device, it can be secured more easily and wiped clean if lost or stolen. One disadvantage of this model is that employees who are not free to choose their own devices may end up bringing their own anyway.

Users in the sales department perform many of their daily tasks, such as emailing and creating sales presentations, on company-owned tablets. These tablets contain sensitive information. If one of these tablets is lost or stolen, this information could end up in the wrong hands.

The chief information officer wants you to implement a solution that can be used to keep sensitive information from getting into the wrong hands if a device is lost or stolen.

Which of the following should you implement?

A mobile device management (MDM) infrastructure

If a user's BYOD device (such as a tablet or phone) is infected with malware, that malware can be spread if that user connects to your organization's network. One way to prevent this event is to use a Network Access Control (NAC) system.

How does an NAC protect your network from being infected by a BYOD device?

The NAC remediates devices before allowing them to connect to your network.

The IT manager has tasked you with implementing a solution that ensures that mobile devices are up to date, have anti-malware installed, and have the latest definition updates before being allowed to connect to the network.

Which of the following should you implement?

A Network Access Control (NAC) solution can remediate devices before allowing them to connect to your network. This includes defining that a device is fully updated, has anti-malware installed, and has the latest definition updates.

Which of the following BEST describes a virtual desktop infrastructure (VDI)?

Provides enhanced security and better data protection because most of the data processing is provided by servers in the data center rather than on the local device.

Users in the sales department perform many of their daily tasks, such as emailing and creating sales presentations, on their personal tablets.

The chief information officer worries that one of these users might also use their tablet to steal sensitive information from the organization's network. Your job is to implement a solution that prevents insiders from accessing sensitive information stored on the organization's network from their personal devices while still giving them access to the internet.

A guest wireless network that is isolated from your organization's production network

Which of the following is an open-source hardware and software company that designs and manufactures single-board microcontrollers as well as kits to build digital devices?

You manage information systems for a large co-location data center.

Networked environmental controls are used to manage the temperature within the data center. These controls use embedded smart technology that allows them to be managed over an internet connection using a mobile device app.

You are concerned about the security of these devices. What can you do to increase their security posture?

Install the latest firmware updates from the device manufacturer.

Verify that your network's existing security infrastructure is working properly.

You manage the information systems for a large manufacturing firm.

Supervisory control and data acquisition (SCADA) devices are used on the manufacturing floor to manage your organization's automated factory equipment. The SCADA devices use embedded smart technology, allowing them to be managed using a mobile device app over an internet connection.

You are concerned about the security of these devices. What can you do to increase their security posture? (Select two.)

Verify that your network's existing security infrastructure is working properly.

Install the latest firmware updates from the device manufacturer.

Which of the following serves real-time applications without buffer delays?

A real-time operating system (RTOS) is an operating system that serves real-time applications without buffer delays. They are generally used in systems that require a response within a strict time constraint.

Which of the following devices are special computer systems that gather, analyze, and manage automated factory equipment?

Supervisory control and data acquisition (SCADA) devices are special computer systems that gather, analyze, and manage automated factory equipment.

You notice that a growing number of devices, such as environmental control systems and wearable devices, are connecting to your network. These devices, known as smart devices, are sending and receiving data via wireless network connections.

Which of the following labels applies to this growing ecosystem of smart devices?

Which Amazon device can be used to control smart devices (such as lights) throughout a home using voice commands?

Which of the following do Raspberry Pi systems make use of?

A system on a chip (SoC) is an integrated circuit that includes all components of a typical computer system, including digital, analog, mixed-signal, and radio frequency functions. Raspberry Pi is a common device that uses an SoC. Because of their relatively low cost, SoCs are often used by hobbyists.

Which of the following lets you make phone calls over a packet-switched network?

Voice over IP (VoIP) is a protocol optimized for the transmission of voice data (telephone calls) through a packet-switched IP network. VoIP routes phone calls through an IP network, including the internet. VoIP solutions can integrate with a public-switched telephone network (PSTN) to allow VoIP customers to make and receive external calls.

Why do attackers prefer to conduct distributed network attacks in static environments?

Devices are typically more difficult to monitor than traditional network devices.

Devices tend to employ much weaker security than traditional network devices.

Which of the following methods can cloud providers implement?

Which of the following methods can cloud providers implement to provide high availability?

Cloud service providers replicate data in multiple zones and within zones to provide high availability. Replication helps eliminate downtime (the time your data is unavailable).

Which formula is used to determine a cloud provider's availability percentage?

The formula for availability is equivalent to the uptime divided by the total time, where the total time is uptime plus downtime.

Which of the following is a network device that is deployed in the cloud to protect against unwanted access to a private network?

A firewall is a security device (computer hardware or software) that can help protect your network by filtering traffic and blocking outsiders from gaining unauthorized access to the private data on your computer.

Which of the following is a network virtualization solution provided by Microsoft?

Hyper-V is Microsoft's hardware virtualization product. It lets you create and run a software version of a computer, called a virtual machine. Each virtual machine acts like a complete computer, running an operating system and programs.