CCNA Cloud Deployment Questions

6 of 81 questions · Page 2/2 · Cloud Deployment topic · Answers revealed

76
Multi-Select · hard

Which THREE are common tasks in a CI/CD pipeline? (Select THREE.)

Select 3 answers
A. Manual code review by a senior developer
B. Handwritten notes for deployment steps
C. Source code checkout from version control
D. Deployment to a staging or production environment
E. Automated testing (unit, integration, etc.)
Answers: C, D, E

CI starts with fetching code from a repository.

Why this answer

Source code checkout from version control is a fundamental first step in any CI/CD pipeline. The pipeline agent must retrieve the latest code from a repository (e.g., Git) to build, test, and deploy the application. Without this checkout, subsequent automated steps have no codebase to work with.

Exam trap

CompTIA often tests the distinction between manual, human-in-the-loop activities (like code review or handwritten notes) and fully automated, scripted steps that are essential to a CI/CD pipeline, leading candidates to mistakenly include manual tasks as pipeline tasks.

77
MCQ · medium

A cloud engineer needs to deploy a virtual machine with a specific configuration that includes a custom script to install software after boot. The deployment must be repeatable and version-controlled. Which approach should be used?

A. Run a shell script after the VM is deployed
B. Create a golden image with the software pre-installed
C. Manually install software after creating the VM
D. Use an Infrastructure as Code template with a user data script
Answer: D

IaC provides repeatable, version-controlled deployments.

Why this answer

Option D is correct because Infrastructure as Code (IaC) templates, such as AWS CloudFormation or Azure Resource Manager, allow you to define the entire VM configuration declaratively, including a user data script that runs custom software installation commands at first boot. This approach ensures repeatability, version control through template files stored in Git, and automated deployment without manual intervention.

Exam trap

CompTIA often tests the distinction between static golden images and dynamic IaC with user data, where candidates mistakenly choose the golden image option because they think it is more reliable, but the question specifically requires repeatability and version control, which IaC provides through code-based templates.

How to eliminate wrong answers

Option A is wrong because running a shell script after deployment is a manual or ad-hoc step that is not inherently repeatable or version-controlled; it relies on external execution and does not capture the configuration in a template. Option B is wrong because a golden image with pre-installed software is static and requires manual updates to the image for each software change, making it less flexible for version-controlled, repeatable deployments compared to IaC with user data. Option C is wrong because manually installing software after creating the VM is error-prone, not repeatable, and cannot be version-controlled, violating the core requirements of the question.

78
MCQ · easy

A cloud administrator needs to deploy a new application that requires a static IP address. The administrator is using a cloud provider that allows the reservation of elastic IP addresses. Which deployment step should be taken to ensure the IP address is not lost when the resource is stopped?

A. Configure the instance to obtain an IP via DHCP.
B. Allocate an elastic IP address and associate it with the resource.
C. Assign a private IP address from a reserved range.
D. Set up an external DNS service to point to the public IP.
Answer: B

Elastic IPs are static and persist independent of instance state.

Why this answer

Elastic IP addresses are static public IPv4 addresses that you can allocate to your account and associate with a resource. When you associate an elastic IP with an instance, it persists even if the instance is stopped, because the IP is reserved in your account until you explicitly release it. This ensures the IP address is not lost when the resource is stopped, unlike ephemeral public IPs that change on stop/start.

Exam trap

CompTIA often tests the distinction between ephemeral public IPs (which are lost on stop/start) and elastic/reserved IPs (which persist), and the trap here is that candidates may confuse a static private IP (Option C) with a static public IP, or think DNS alone (Option D) can prevent IP loss.

How to eliminate wrong answers

Option A is wrong because configuring DHCP only assigns a dynamic private IP address, which does not provide a static public IP and may change on stop/start. Option C is wrong because assigning a private IP from a reserved range gives a static private address, but the question requires a static public IP address for external access. Option D is wrong because setting up an external DNS service only maps a domain name to an IP; it does not prevent the underlying public IP from changing when the instance is stopped.

79
MCQ · easy

A deployment of a new application version fails with a '503 Service Unavailable' error after a rolling update. The previous version was working. What is the most likely cause?

A. Database connection pool exhausted
B. DNS propagation delay
C. SSL certificate expired
D. New version missing a required dependency
Answer: D

A missing dependency can cause a health check failure, resulting in a 503.

Why this answer

A 503 Service Unavailable error during a rolling update typically indicates that the new application version cannot start or serve traffic. The most likely cause is a missing required dependency (e.g., a library, module, or runtime component) that the previous version did not need, causing the new pods or containers to fail readiness probes and be removed from the load balancer pool.

Exam trap

The trap here is that candidates often assume a 503 error always means server overload or scaling issues, but Cisco tests the nuance that a failing new version during a rolling update is more likely a dependency or configuration problem, not a capacity issue.

How to eliminate wrong answers

Option A is wrong because database connection pool exhaustion would usually result in 500-level errors (e.g., 500 Internal Server Error) or timeouts, not a 503, and it is not specific to a rolling update failure of a new version. Option B is wrong because DNS propagation delay affects client-side resolution and would cause 'Server Not Found' or connection timeouts, not a 503 from an already-reachable service. Option C is wrong because an expired SSL certificate would produce TLS handshake failures (e.g., ERR_CERT_DATE_INVALID) or 502 Bad Gateway if the certificate is on the backend, but not a 503 Service Unavailable.

80
MCQ · medium

A cloud architect is designing an auto-scaling policy for a web application that experiences predictable traffic spikes every weekday morning from 8 to 10 AM. The application runs on a group of virtual machines behind a load balancer. Which scaling approach is MOST cost-effective while ensuring performance during the spike?

A. Dynamic scaling based on CPU utilization threshold
B. Proactive scaling using machine learning to predict spikes
C. Manual scaling by the operations team each morning
D. Scheduled scaling to increase capacity before 8 AM and decrease after 10 AM
Answer: D

Scheduled scaling directly matches the predictable pattern, ensuring resources are ready in advance and minimizing waste.

Why this answer

Scheduled scaling is the most cost-effective approach because the traffic pattern is predictable (every weekday 8–10 AM). By configuring the auto-scaling group to add instances before the spike and remove them after, you avoid paying for idle resources during off-peak hours while ensuring capacity is ready when needed. This approach directly matches the known schedule without relying on reactive metrics or manual intervention.

Exam trap

CompTIA often tests the distinction between reactive (dynamic) and proactive (scheduled) scaling, where candidates mistakenly choose dynamic scaling for predictable patterns because they assume it is always the most efficient, ignoring the latency of metric-based triggers.

How to eliminate wrong answers

Option A is wrong because dynamic scaling based on CPU utilization reacts to load after it occurs, which can cause a lag in provisioning and potential performance degradation during the initial spike. Option B is wrong because proactive scaling using machine learning is overkill for a predictable, repeating schedule and introduces unnecessary complexity and cost. Option C is wrong because manual scaling is error-prone, requires human intervention every morning, and cannot guarantee timely scaling for a predictable pattern.

81
MCQ · easy

During a cloud deployment, a virtual machine is created from a custom image. After boot, the VM is not accessible via SSH. Which of the following should the administrator check FIRST?

A. The security group rules for inbound SSH
B. The boot volume is encrypted
C. The hypervisor version compatibility
D. The image's OS license activation status
Answer: A

Security group rules are the first line of defense; if SSH (port 22) is not allowed, the connection will fail.

Why this answer

The most common reason a newly deployed VM is inaccessible via SSH is that the security group or network ACL does not permit inbound TCP port 22 traffic. Security groups act as a virtual firewall at the instance level, and if the rule allowing SSH from the administrator's IP is missing or misconfigured, the connection will be refused. This should be the first check because it is a frequent misconfiguration during deployment.

Exam trap

The trap here is that candidates may assume the issue is with the OS or image itself (e.g., licensing or encryption) and overlook the most common and easily verified network-layer misconfiguration of security group rules.

How to eliminate wrong answers

Option B is wrong because boot volume encryption affects data at rest security, not network connectivity; an encrypted volume does not block SSH access. Option C is wrong because hypervisor version compatibility is a pre-deployment concern and would typically cause the VM to fail to boot or run, not just block SSH after boot. Option D is wrong because OS license activation status might cause grace-period warnings or feature restrictions but does not prevent SSH connectivity; SSH is a network service that operates independently of activation state.
