CCNA Clp Architecture Design Questions

75 of 120 questions · Page 1/2 · Clp Architecture Design topic · Answers revealed

1
MCQ · medium

A company needs to choose a disaster recovery strategy with an RTO of 4 hours and an RPO of 15 minutes. Which of the following is the most cost-effective approach that meets these requirements?

A. Multi-site active-active
B. Warm standby
C. Pilot light
D. Cold standby
Answer: C

Pilot light can recover in minutes to hours with low RPO.

Why this answer

Pilot light keeps a minimal environment running and can be scaled up quickly; it offers a balance between cost and recovery time. Warm standby would be more expensive, cold standby would not meet RTO/RPO, and multi-site active-active is overkill.

2
MCQ · hard

A company runs a stateless web application on auto-scaling EC2 instances behind an Application Load Balancer. The application experiences sudden traffic spikes. Which scaling approach will handle the spikes most efficiently while minimizing cost?

A. Horizontal scaling with auto-scaling based on CPU utilization
B. Vertical scaling of existing instances
C. Using reserved instances for all capacity
D. Pre-provisioning a large number of instances
Answer: A

Correct. Horizontal scaling adds instances as needed, and auto-scaling ensures cost efficiency.

Why this answer

Horizontal scaling (adding instances) combined with auto-scaling based on metrics is best for handling spikes cost-effectively in a stateless app.

3
MCQ · medium

A cloud engineer needs to store database backups that must be retained for seven years. The backups are rarely accessed. Which storage type is most cost-effective for this use case?

A. Object storage
B. Block storage
C. Archive storage
D. File storage
Answer: C

Archive storage is designed for long-term, low-cost retention.

Why this answer

Archive storage (like Glacier or Azure Archive) is designed for long-term cold storage at low cost.

4
MCQ · easy

Which cloud characteristic allows a user to provision additional resources automatically without requiring human intervention?

A. Measured service
B. Resource pooling
C. Rapid elasticity
D. Broad network access
Answer: C

Rapid elasticity allows automatic scaling of resources up or down.

Why this answer

Rapid elasticity enables automatic scaling of resources based on demand.

5
MCQ · medium

A company runs a stateless web application on virtual machines. To handle increased traffic, they add more virtual machines and distribute incoming requests among them. What is this scaling method called?

A. Right-sizing
B. Vertical scaling
C. Auto-scaling
D. Horizontal scaling
Answer: D

Horizontal scaling adds more instances.

Why this answer

Horizontal scaling adds more instances to handle load, as opposed to vertical scaling which increases the resources of a single instance.

6
MCQ · medium

A cloud engineer is designing a disaster recovery plan with an RTO of 2 hours and RPO of 15 minutes. Which strategy best meets these requirements?

A. Pilot light with hourly snapshots
B. Warm standby with continuous replication
C. Cold standby with daily backups
D. Active-active across regions
Answer: B

Provides near-real-time RPO and quick recovery meeting the requirements.

Why this answer

A warm standby with replication keeps a scaled-down copy running, allowing recovery within hours and data loss limited to minutes.

7
Multi-Select · easy

A company is considering using a public cloud provider. Which TWO characteristics are typical of a public cloud deployment? (Select TWO.)

Select 2 answers
A. The customer has full control over the physical infrastructure
B. The deployment is isolated to a single organization
C. Resources are shared among multiple customers
D. The customer pays only for the resources they use
E. Resources are hosted on-premises
Answers: C, D

Public cloud is multi-tenant by nature.

Why this answer

Public cloud is multi-tenant and offers scalability and pay-as-you-go pricing. Options A and B are correct.

8
Multi-Select · medium

A cloud architect is designing a disaster recovery plan for a critical application. Which TWO metrics should be defined to establish recovery objectives?

Select 2 answers
A. RPO (Recovery Point Objective)
B. MTBF (Mean Time Between Failures)
C. RTO (Recovery Time Objective)
D. SLA (Service Level Agreement)
E. MTTR (Mean Time to Repair)
Answers: A, C

RPO defines the maximum acceptable data loss.

Why this answer

RTO and RPO are the key metrics for disaster recovery: time to recover and acceptable data loss.

9
MCQ · medium

An organization is designing a disaster recovery plan with a Recovery Time Objective (RTO) of 4 hours and a Recovery Point Objective (RPO) of 1 hour. Which disaster recovery strategy best meets these requirements while minimizing cost?

A. Cold standby
B. Backup and restore
C. Warm standby
D. Hot standby
Answer: C

Warm standby provides a balance of cost and recovery speed, meeting the stated requirements.

Why this answer

Warm standby maintains a partially running environment that can be fully activated quickly, meeting an RTO of 4 hours and RPO of 1 hour at a lower cost than hot standby.

11
MCQ · medium

A cloud architect is designing a web application that must remain available during a full region outage. They plan to deploy identical resources in two separate geographical regions. Which high availability architecture is described?

A. Cold standby
B. Active-passive
C. Active-active
D. Warm standby
Answer: C

Both regions are active, handling traffic and providing full redundancy.

Why this answer

Active-active means both regions handle traffic simultaneously, providing load sharing and failover. This matches deploying identical resources in two regions.

12
MCQ · medium

A financial services firm requires low latency between on-premises resources and its public cloud VPC. They also need a dedicated, consistent network connection that bypasses the internet. Which connectivity option should they use?

A. Direct Connect / ExpressRoute
B. Cloud CDN
C. Internet gateway
D. Site-to-Site VPN
Answer: A

This dedicated private connection meets the low latency and consistency requirements.

Why this answer

Direct Connect (AWS) or ExpressRoute (Azure) provides a dedicated private connection from on-premises to the cloud, offering lower latency and consistency compared to internet-based VPN.

13
MCQ · easy

Which of the following is a key benefit of using object storage like Amazon S3 over block storage?

A. Unlimited scalability for unstructured data
B. Direct attachment to a single VM
C. Supports file-level locking
D. Lower latency for database workloads
Answer: A

Object storage scales to exabytes and is ideal for unstructured data.

Why this answer

Amazon S3 is designed for unlimited scalability, allowing you to store and retrieve any amount of unstructured data (e.g., images, videos, backups) without provisioning storage in advance. Unlike block storage, which has fixed size limits per volume, S3 automatically scales to accommodate petabytes of data, making it ideal for modern cloud-native applications.

Exam trap

Cisco often tests the misconception that object storage is suitable for low-latency transactional workloads, but the trap here is that candidates confuse scalability with performance, forgetting that block storage (e.g., EBS) is optimized for low latency via direct attachment and NVMe protocols, while object storage prioritizes scale and cost over speed.

How to eliminate wrong answers

Option B is wrong because direct attachment to a single VM is a characteristic of block storage (e.g., Amazon EBS), not object storage like S3, which is accessed via HTTP/HTTPS APIs over the network. Option C is wrong because object storage typically does not support file-level locking; it uses eventual consistency or strong consistency for objects, not file locks like NFS or SMB. Option D is wrong because object storage has higher latency compared to block storage (e.g., EBS or local SSD) due to its HTTP-based API and distributed architecture, making it unsuitable for low-latency database workloads.

14
MCQ · hard

A cloud architect is designing a VPC for a three-tier web application. The web servers must be accessible from the internet, the application servers should only be reachable from the web tier, and the database servers should not have any public IP addresses and should be isolated. Which subnet design meets these requirements?

A. Web tier in public subnet, app tier in private subnet, database tier in a separate private subnet with no internet gateway
B. Web tier in public subnet, app and database tiers in the same private subnet
C. All servers in private subnets with a NAT gateway for inbound traffic
D. All servers in the same public subnet with security groups
Answer: A

This design isolates tiers appropriately: web is public, app is private, database is isolated.

Why this answer

A typical three-tier architecture uses public subnets for web servers (with internet gateway), private subnets for application servers (with NAT for outbound if needed), and isolated database subnets with no internet access. Security groups/NACLs enforce traffic rules.

15
MCQ · medium

A company deploys a stateless web application across two AWS Availability Zones behind a load balancer. This design primarily improves which characteristic?

A. Cost efficiency
B. High availability
C. Scalability
D. Security
Answer: B

Availability Zones provide fault isolation, and load balancing distributes traffic, ensuring high availability.

Why this answer

Deploying across multiple AZs with a load balancer increases availability by eliminating single points of failure.

16
MCQ · easy

A company wants to migrate its on-premises workloads to the cloud but must keep sensitive customer data on-premises due to regulatory compliance. Which cloud deployment model should they use?

A. Public cloud
B. Hybrid cloud
C. Multi-cloud
D. Private cloud
Answer: B

Hybrid cloud allows keeping sensitive data on-premises while using public cloud for other workloads.

Why this answer

A hybrid cloud connects on-premises infrastructure to public cloud services, allowing sensitive data to remain on-premises while leveraging the public cloud for other workloads.

17
MCQ · easy

A company wants to migrate its on-premises virtualized workloads to the cloud while maintaining control over the operating system and middleware. Which cloud service model should they choose?

B. FaaS
Answer: D

IaaS gives the customer control over VMs, OS, and middleware.

Why this answer

IaaS provides virtual machines, storage, and networking, allowing the customer to manage the OS and above. PaaS abstracts the OS, SaaS delivers complete applications, and FaaS is for functions.

18
Multi-Select · medium

A company is evaluating storage options for different use cases. Which TWO storage types are most suitable for hosting a relational database in the cloud? (Select TWO.)

Select 2 answers
A. File storage
B. Cache storage
C. Archive storage
D. Object storage
E. Block storage
Answers: A, E

File storage can host databases, though block is more common.

Why this answer

Block storage (like EBS, Azure Disk) is designed for databases and VMs with low latency. File storage can also be used but block is optimal. Object storage is not suitable for relational databases.

19
Multi-Select · medium

A company is designing a hybrid cloud architecture connecting their on-premises data center to AWS. Which TWO options provide dedicated, private network connectivity? (Select TWO.)

Select 2 answers
A. Internet gateway
B. VPC peering
D. Site-to-Site VPN
E. AWS Direct Connect
Answers: D, E

VPN creates a private encrypted tunnel over the internet.

Why this answer

AWS Direct Connect provides a dedicated private connection, and VPN over the internet can also be private if encrypted, but it's not dedicated. Site-to-Site VPN is a valid private connectivity option. An internet gateway is public, and VPC peering connects VPCs to each other, not to on-premises networks.

20
MCQ · medium

An e-commerce application experiences variable traffic with sudden spikes during flash sales. The application is designed to be stateless. Which scaling approach should the cloud architect implement to handle these spikes efficiently?

A. Vertical scaling on a single large instance
B. Horizontal auto-scaling based on CPU utilization
C. Using a load balancer with active-passive failover
D. Pre-provisioning a fixed cluster of instances
Answer: B

Auto-scaling adds instances during spikes and removes them when demand drops, leveraging stateless design.

Why this answer

Horizontal scaling (adding more instances) combined with auto-scaling based on metrics like CPU utilization can dynamically handle traffic spikes. Stateless design enables seamless addition/removal of instances.

21
MCQ · easy

Which cloud service model provides the customer with the most control over the operating system and applications?

B. FaaS
Answer: A

IaaS provides VMs, storage, networking; customers manage OS and applications.

Why this answer

IaaS provides virtualized computing resources where customers manage OS and above.

22
MCQ · easy

Which cloud service model provides the customer with the ability to deploy and manage custom applications without managing the underlying operating system or runtime environment?

D. FaaS
Answer: B

PaaS abstracts the OS and runtime, allowing customers to focus on application code.

Why this answer

PaaS provides a managed platform where customers deploy their code while the provider manages the OS, runtime, and infrastructure.

23
MCQ · easy

Which cloud service model provides the customer with the highest level of control over the operating system and middleware?

B. FaaS
Answer: C

IaaS provides control over the OS, storage, and deployed applications.

Why this answer

IaaS provides virtualized computing resources where the customer manages the OS, middleware, and applications, offering the highest control among the three main service models.

24
MCQ · hard

An organization needs to recover its critical database within 15 minutes and lose at most 1 minute of data. Which configuration meets these requirements?

A. Active-active with asynchronous replication
B. Warm standby with hourly backups
C. Hot standby with synchronous replication
D. Cold standby with daily backups
Answer: C

Synchronous replication ensures RPO near zero, and hot standby allows fast failover.

Why this answer

Hot standby with synchronous replication ensures that every write to the primary database is also written to the standby before the transaction is acknowledged. This guarantees zero data loss (RPO=0) and, combined with automatic failover, can achieve a recovery time of under 15 minutes (RTO<15 min).

Exam trap

Cisco often tests the distinction between RPO and RTO, and the trap here is that candidates confuse 'asynchronous replication' (which can lose data) with 'synchronous replication' (which preserves data), leading them to pick active-active with async replication despite its inability to meet the 1-minute RPO.

How to eliminate wrong answers

Option A is wrong because active-active with asynchronous replication can cause data loss of more than 1 minute if a failure occurs before the async replication completes, violating the RPO of ≤1 minute. Option B is wrong because warm standby with hourly backups has an RPO of up to 1 hour (not ≤1 minute) and an RTO that typically exceeds 15 minutes due to the need to restore from backup. Option D is wrong because cold standby with daily backups has an RPO of up to 24 hours and an RTO measured in hours or days, far exceeding the 15-minute RTO requirement.

25
Multi-Select · hard

A company wants to ensure fault tolerance for a critical application by deploying across multiple availability zones. Which THREE design decisions contribute to fault tolerance? (Select THREE.)

Select 3 answers
A. Using a single database instance without replication
B. Placing a load balancer in front of the instances to distribute traffic
C. Deploying application instances in at least two availability zones
D. Implementing duplicate components (N+1 redundancy) in each tier
E. Using a single large instance in one AZ
Answers: B, C, D

Load balancers distribute traffic and can route away from failed instances.

Why this answer

Deploying across multiple AZs, using load balancers to distribute traffic, and having redundant components in each AZ contribute to fault tolerance. Single instance and same AZ do not provide fault tolerance.

26
MCQ · hard

A company hosts a web application on AWS and wants to improve latency for global users. Which service should they use to cache static content at edge locations?

A. Application Load Balancer
B. AWS CloudFront
C. AWS Global Accelerator
D. Amazon Route 53
Answer: B

CloudFront is a CDN that caches at edge locations.

Why this answer

A CDN (like CloudFront) caches content at edge locations to reduce latency for users worldwide.

27
MCQ · hard

A cloud architect is designing a multi-region application on AWS. The application has a critical database that must tolerate the failure of an entire AWS region. Which strategy provides the lowest RTO while ensuring data consistency?

A. Active-passive with synchronous replication
B. Active-active with asynchronous replication
C. Active-passive with asynchronous replication
D. Multi-cloud active-active with eventual consistency
Answer: A

Synchronous replication ensures data consistency; passive standby can be promoted quickly, minimizing RTO.

Why this answer

Active-passive with synchronous replication provides the lowest RTO for regional failure because the standby region has up-to-date data and can be promoted quickly, though synchronous replication may impact performance. Active-active requires conflict resolution. Asynchronous replication has higher RPO.

Multi-cloud adds complexity and latency.

28
Multi-Select · medium

A company is using a PaaS offering to host a web application. Which THREE management responsibilities are retained by the customer? (Select THREE.)

Select 3 answers
A. Runtime environment
B. Application code
C. Operating system patches
D. Data and its security
E. Access and identity management
Answers: B, D, E

The customer develops and manages the application code.

Why this answer

In PaaS, the customer manages the application code, data, and access configuration. The provider manages the runtime, OS, and infrastructure.

29
Multi-Select · hard

A cloud architect is evaluating a multi-cloud strategy to improve resilience. Which THREE factors should be considered when designing multi-cloud architecture? (Select THREE.)

Select 3 answers
A. Increased vendor lock-in
B. Data transfer costs between clouds
C. Ability to manage all clouds with a single API
D. Application portability and interoperability
E. Consistent security and compliance policies across clouds
Answers: B, D, E

Egress charges can be significant.

Why this answer

Data transfer costs, consistent security policies, and application portability are key considerations. Vendor lock-in is reduced, not increased. Single API management is not typical for multi-cloud.

30
MCQ · easy

A company wants to migrate its on-premises workload to the cloud and needs to maintain full control over the operating system, middleware, and applications. Which cloud service model should the company choose?

B. FaaS
Answer: D

IaaS provides virtual machines where the customer manages OS and above.

Why this answer

IaaS provides virtualized computing resources (VMs, storage, networking) where the customer manages the OS and above, making it the right choice for full control.

31
MCQ · hard

A company wants to reduce cloud storage costs for data that is accessed frequently for 30 days, then rarely accessed for 90 days, and then must be retained for 7 years for compliance. Which storage lifecycle policy should be implemented?

A. Standard storage for 30 days, then delete
B. Standard storage for 30 days, then infrequent access for 90 days, then archive
C. Archive immediately for 7 years
D. Infrequent access immediately for 120 days, then archive
Answer: B

Correct. This aligns with access patterns and compliance.

Why this answer

A lifecycle policy that transitions from standard storage to infrequent access after 30 days, and then to archive after 120 days (30+90) meets the access patterns and compliance requirements.

32
MCQ · medium

A company is migrating a legacy monolithic application to the cloud. The application currently runs on a single server with 16 vCPUs and 64 GB RAM. The cloud architect recommends redesigning the application to be stateless and horizontally scalable. What is the primary benefit of this approach?

A. Lower storage costs
B. Simpler licensing costs
C. Improved fault tolerance and elasticity
D. Reduced network latency
Answer: C

Stateless horizontal scaling improves fault tolerance (failure of one instance does not affect others) and allows elastic scaling.

Why this answer

Horizontal scaling allows adding more instances to handle increased load, improving availability and elasticity compared to vertical scaling of a monolithic server.

33
MCQ · medium

A company is experiencing increased traffic to its web application. They want to handle the load by adding more web server instances behind a load balancer. This approach is known as:

A. Stateless design
B. Horizontal scaling
C. Auto-scaling
D. Vertical scaling
Answer: B

Horizontal scaling adds more instances to handle increased load.

Why this answer

Horizontal scaling (scaling out) adds more instances to distribute the load, as opposed to vertical scaling which adds resources to a single instance.

34
MCQ · medium

A cloud architect is designing a highly available web application. The application must remain available even if an entire AWS Availability Zone fails. The architect decides to deploy identical application instances in two separate Availability Zones and distribute traffic equally. Which architecture is being implemented?

A. Fault tolerance
B. Warm standby
C. Active-active
D. Active-passive
Answer: C

Both instances are active and traffic is distributed equally.

Why this answer

Active-active architecture distributes traffic across all instances; if one zone fails, the other continues serving traffic.

35
MCQ · medium

A healthcare organization must store patient imaging data that is accessed infrequently but must be retained for 7 years. They need the lowest-cost storage option while ensuring data can be retrieved within 12 hours if needed. Which storage class should they use?

A. Object storage standard tier
B. Archive storage (Glacier / Azure Archive)
C. Block storage with snapshots
D. File storage (EFS / Azure Files)
Answer: B

Archive storage is cheapest for long-term retention with retrieval times up to 12 hours.

Why this answer

Archive storage like Amazon S3 Glacier Deep Archive or Azure Archive is the lowest cost for long-term retention, with retrieval times ranging from minutes to 12 hours.

36
MCQ · medium

A company wants to migrate a legacy application to the cloud. The application has a monolithic design and requires low-latency access to on-premises databases. The company needs to keep sensitive data on-premises due to regulatory compliance. Which cloud deployment model is most suitable?

A. Public cloud
B. Hybrid cloud
C. Multi-cloud
D. Private cloud
Answer: B

Hybrid cloud allows workloads in public cloud with connectivity to on-premises resources, meeting latency and compliance needs.

Why this answer

Hybrid cloud connects on-premises infrastructure with public cloud, allowing the legacy app to run in the cloud while maintaining low-latency access to on-premises databases and keeping sensitive data on-premises. Public cloud alone would not allow data residency. Private cloud is on-premises only, missing cloud benefits.

Multi-cloud involves multiple public clouds, which does not address the on-premises requirement.

37
MCQ · hard

A company is designing a VPC in AWS. They need to host a web application with a public-facing load balancer, web servers in private subnets, and a database in a separate private subnet. Which network architecture is most secure and aligns with best practices?

A. Public subnet for load balancer, private subnet for web servers and database together
B. Public subnet for load balancer, private subnet for web servers, separate private subnet for database
C. All resources in public subnets with security groups restricting access
D. All resources in private subnets with a VPN connection
Answer: B

This three-tier architecture follows best practices for security and isolation.

Why this answer

A three-tier architecture with a public subnet for the load balancer, private subnets for web servers, and a separate private subnet for the database provides security and isolation.

38
MCQ · hard

A company wants to migrate a stateful application to the cloud but needs to ensure it can scale horizontally. What architectural change is required?

A. Deploy in multiple availability zones
B. Move session state to a shared database or cache
C. Implement sticky sessions on the load balancer
D. Use larger instance types
Answer: B

Externalizing state allows any instance to handle any request, enabling horizontal scaling.

Why this answer

Horizontal scaling requires stateless application design; sessions must be externalized to a shared data store.

39
MCQ · medium

A cloud architect is designing a VPC with public and private subnets. Which component is required to allow instances in the private subnet to access the internet for software updates?

B. Elastic IP
C. VPN connection
D. Internet gateway
Answer: A

NAT gateway allows outbound traffic from private subnets to the internet.

Why this answer

A NAT gateway is required to enable instances in a private subnet to initiate outbound connections to the internet (e.g., for software updates) while preventing the internet from initiating inbound connections to those instances. It translates the private IP addresses of the instances to the NAT gateway's Elastic IP address using source network address translation (SNAT). An Internet gateway alone cannot serve private subnets because it requires a route table entry pointing to a public subnet with a public IP address.

Exam trap

The trap here is that candidates often confuse the Internet gateway with the NAT gateway, assuming that an Internet gateway can provide internet access to private subnets, but it only works for public subnets with instances that have public IP addresses.

How to eliminate wrong answers

Option B is wrong because an Elastic IP is a static public IPv4 address that must be associated with a resource in a public subnet (e.g., an EC2 instance or a NAT gateway) to provide internet access; assigning an Elastic IP directly to a private instance does not enable internet access without a routing path through an Internet gateway or NAT device. Option C is wrong because a VPN connection provides secure connectivity between a VPC and an on-premises network, not direct internet access; it does not route traffic to the public internet unless combined with additional components like a NAT gateway or proxy. Option D is wrong because an Internet gateway allows bidirectional traffic between a VPC and the internet, but it only works for instances with public IP addresses in public subnets; private subnet instances cannot use an Internet gateway directly because they lack a public IP and the route table for the private subnet does not point to the Internet gateway.

40
MCQ · medium

A cloud architect is designing a VPC with multiple tiers. The web servers must be accessible from the internet, but the database servers must not be directly accessible. Which subnet design should the architect implement?

A. Place all servers in public subnets and restrict access via security groups
B. Place web servers in a private subnet and database servers in a public subnet
C. Place all servers in private subnets and use a bastion host for access
D. Place web servers in a public subnet and database servers in a private subnet
Answer: D

Correct. This keeps databases isolated from direct internet access.

Why this answer

Web servers go in public subnets and databases in private subnets. If needed, a load balancer in the public subnet can route to web servers in a private subnet, but typically web servers are in public subnets.

41
MCQ · hard

An organization wants to minimize costs for a batch processing workload that runs nightly for 2 hours and can tolerate interruptions. Which pricing model is most cost-effective?

A. On-demand instances
B. Reserved instances
C. Dedicated hosts
D. Spot instances
Answer: D

Spot instances are discounted up to 90% and can be interrupted, ideal for batch jobs that can restart.

Why this answer

Spot instances offer significant discounts but can be terminated; suitable for fault-tolerant, interruptible workloads.

42
Multi-Select · hard

A company is migrating a legacy application to the cloud. The application has a stateful design and requires low-latency access to a shared file system. The application must scale horizontally to handle increased load. Which THREE of the following architectural changes should be recommended to enable horizontal scaling?

Select 3 answers
A. Increase the size of the existing virtual machines (vertical scaling)
B. Use sticky sessions (session affinity) on the load balancer
C. Refactor the application to be stateless
D. Implement a shared file system using Amazon EFS or Azure Files
E. Move session state to a centralized database such as ElastiCache or DynamoDB
Answers: C, D, E

Statelessness enables any instance to handle any request, facilitating horizontal scaling.

Why this answer

Option C is correct because horizontal scaling requires that any instance can handle any request without depending on local state. By refactoring the application to be stateless, session data is externalized, allowing new instances to be added or removed without affecting ongoing transactions. This eliminates the coupling between a client and a specific server, which is essential for elastic scaling in cloud environments.

Exam trap

Cisco often tests the misconception that sticky sessions (session affinity) are a valid solution for scaling stateful applications, but in reality they create a hard dependency on a specific server, which directly contradicts the principles of horizontal scaling and fault tolerance.

43
MCQ · medium

A company wants to reduce cloud costs for a stateless batch processing workload that runs nightly for about 3 hours. The workload can tolerate interruptions. Which pricing model is most cost-effective?

A. Reserved instances
B. Dedicated hosts
C. Spot instances
D. On-demand instances
Answer: C

Spot instances are cheap and suitable for fault-tolerant workloads.

Why this answer

Spot/preemptible instances offer significant discounts (up to 90%) but can be terminated by the provider. They are ideal for fault-tolerant, interruptible workloads like batch processing.

44
MCQ · hard

An organization runs a batch processing job that runs for 2 hours every night. The job can tolerate interruptions and can resume from the last checkpoint. Which cloud purchasing option minimizes cost?

A. Reserved instances
B. Spot instances
C. Dedicated hosts
D. On-demand instances
Answer: B

Spot instances are cheap and suitable for tolerant workloads.

Why this answer

Spot instances (preemptible VMs) offer significant discounts and are suitable for fault-tolerant, interruptible workloads. Reserved instances are for steady-state usage. On-demand is more expensive.

Dedicated hosts are for regulatory compliance or licensing.

45
MCQ · medium

A financial services company requires a recovery time objective (RTO) of 15 minutes and a recovery point objective (RPO) of 5 minutes for its critical database. Which high availability architecture should they implement?

A. Active-passive with synchronous replication
B. Warm standby
C. Active-active with asynchronous replication
D. Cold standby
Answer: A

Synchronous replication ensures RPO; failover is fast, meeting RTO.

Why this answer

Active-passive with synchronous replication provides fast failover and minimal data loss, meeting the RTO of 15 minutes and RPO of 5 minutes. Hot standby can fail over quickly, but synchronous replication ensures the RPO.

46
MCQeasy

A startup wants to run code in response to events without provisioning or managing servers. Which cloud service model should they use?

C.FaaS
AnswerC

Correct. FaaS executes code in a serverless environment.

Why this answer

FaaS (serverless) runs code in response to events, and the provider manages the infrastructure.

47
MCQeasy

A company wants to migrate its on-premises workloads to the cloud and requires full control over the operating system, installed software, and security configurations. Which cloud service model should they choose?

A.FaaS
AnswerB

Correct. IaaS grants control over OS, storage, and applications.

Why this answer

IaaS provides virtualized computing resources where the customer manages the OS and above, giving full control.

48
MCQeasy

A company wants to migrate its on-premises workloads to the cloud but must keep sensitive data on-premises due to regulatory requirements. Which cloud deployment model should the company use?

A.Multi-cloud
B.Public cloud
C.Hybrid cloud
D.Private cloud
AnswerC

Hybrid cloud allows sensitive data to remain on-premises while using public cloud resources for other workloads.

Why this answer

A hybrid cloud connects on-premises infrastructure with public cloud resources, allowing sensitive data to remain on-premises while leveraging the cloud for other workloads.

49
MCQhard

A company deploys a multi-region active-active application on AWS. They use Route 53 with a latency routing policy. Traffic from Europe is routed to the eu-west-1 region, but during a regional failure, some European users experience timeouts. Which routing policy should be added to improve availability?

A.Latency-based routing with health checks and failover
B.Geolocation routing
C.Failover routing
D.Weighted routing
AnswerA

Health checks detect failure and Route 53 can redirect to the next best region, improving availability.

Why this answer

Combining latency with failover routing provides automatic failover to a healthy region.

50
Multi-Selectmedium

A cloud architect is designing a highly available application on AWS. The application must be fault-tolerant and able to withstand the failure of an entire Availability Zone. Which TWO actions should the architect take? (Select TWO.)

Select 2 answers
A.Store application state on the local instance store
B.Deploy EC2 instances in a single Availability Zone
C.Use a single large EC2 instance
D.Deploy EC2 instances across two or more Availability Zones
E.Configure an Auto Scaling group to span multiple Availability Zones
AnswersD, E

Multiple zones provide redundancy for zone failure.

Why this answer

Deploying across multiple Availability Zones and using an auto scaling group across those zones ensures that if one zone fails, the application continues in the other zones.

51
MCQhard

A cloud architect is designing a VPC with three tiers: web, application, and database. Which subnet design provides the best security posture?

A.Web in public subnet, app and database in private subnets with appropriate routing
B.Web and app in public subnets, database in private subnet
C.All tiers in private subnets with a VPN
D.All tiers in the same public subnet with security groups
AnswerA

This separates internet-facing from internal tiers, reducing risk.

Why this answer

Option A is correct because it follows the principle of least privilege and network segmentation. Placing the web tier in a public subnet allows it to receive internet traffic, while the application and database tiers reside in private subnets with no direct internet access. This design ensures that only the web tier is exposed, and the database is isolated, accessible only via the application tier through controlled routing, significantly reducing the attack surface.

Exam trap

Cisco often tests the misconception that security groups alone are sufficient for network segmentation, leading candidates to choose Option D, but security groups are stateful firewalls at the instance level and do not replace the need for subnet-level isolation and controlled routing paths.

How to eliminate wrong answers

Option B is wrong because placing the application tier in a public subnet exposes it to the internet, increasing the risk of direct attacks on application logic and potentially compromising the database. Option C is wrong because placing all tiers in private subnets with a VPN is overly restrictive and impractical for a web-facing application; it would require all users to have VPN access, which is not typical for public web services. Option D is wrong because placing all tiers in the same public subnet violates network segmentation best practices; security groups alone cannot prevent lateral movement between tiers if an attacker compromises one instance, as they share the same network broadcast domain and routing path.

52
MCQeasy

Which storage type is most suitable for hosting a shared file system accessible by multiple virtual machines in a cloud environment?

A.Archive storage
B.Object storage
C.Block storage
D.File storage
AnswerD

File storage supports shared access via NFS or SMB.

Why this answer

File storage (option D) is the correct choice because it provides a hierarchical, shared file system that multiple virtual machines can mount simultaneously using standard protocols like NFS (Network File System) or SMB/CIFS. This allows concurrent read/write access with file-level locking, making it ideal for shared workloads such as home directories, content management, or collaboration tools in a cloud environment.

Exam trap

Cisco often tests the misconception that block storage can be shared by multiple VMs, but the trap here is that block storage is a single-attach device unless you implement a complex clustered file system (e.g., GFS2 or OCFS2), which is not the default or simplest solution for shared access.

How to eliminate wrong answers

Option A is wrong because archive storage is designed for long-term, infrequently accessed data with high retrieval latency, not for active, concurrent file sharing by multiple VMs. Option B is wrong because object storage uses a flat namespace with HTTP-based APIs (e.g., S3) and lacks native file system semantics like hierarchical directories and file-level locking, making it unsuitable for shared file system access. Option C is wrong because block storage presents raw volumes (e.g., iSCSI or NVMe-oF) that can only be attached to a single VM at a time; it does not support concurrent multi-VM access without a clustered file system overlay, which adds complexity and is not a native feature.

53
MCQhard

A cloud architect is designing a multi-region application with a Recovery Time Objective (RTO) of 1 hour and a Recovery Point Objective (RPO) of 15 minutes. The application runs on virtual machines in a public cloud. Which disaster recovery strategy best meets these objectives?

A.Hot standby in a secondary region with synchronous replication
B.Active-active across two regions with load balancing
C.Cold standby with daily backups
D.Warm standby with hourly snapshots
AnswerA

Hot standby with synchronous replication provides RTO of minutes and RPO near zero, meeting the requirements.

Why this answer

Hot standby involves running a fully functional standby environment that can take over within minutes, achieving low RTO and RPO. Active-active can also meet these objectives but may be more complex and costly; warm standby typically has a longer RTO; cold standby has an RTO of hours.

54
MCQhard

A company uses AWS and Azure for different workloads. To improve latency for global users, the company wants to direct traffic to the cloud provider and region closest to the user. Which DNS routing policy should the company implement?

A.Failover routing policy
B.Weighted routing policy
C.Latency routing policy
D.Geolocation routing policy
AnswerD

Geolocation routing directs traffic based on the user's location, allowing mapping to specific endpoints.

Why this answer

Geolocation routing policy routes traffic based on the user's geographic location, allowing the company to direct users to the nearest provider and region.

55
MCQmedium

A company is deploying a global web application that serves static content (images, CSS, JavaScript) to users worldwide. They want to reduce latency and offload traffic from the origin servers. Which service should they implement?

A.Auto-scaling group
B.VPN connection
D.Content Delivery Network (CDN)
AnswerD

CDN caches content at edge locations, reducing latency.

Why this answer

A Content Delivery Network (CDN) caches static content at edge locations worldwide, reducing latency and offloading origin servers.

56
Multi-Selecthard

A cloud architect is designing a multi-tier application on a public cloud. The application must be highly available and fault-tolerant within a single region. Which three items should be included in the architecture? (Select THREE.)

Select 3 answers
A.Deploy resources in multiple availability zones
B.Place a load balancer in front of the web tier
C.Use a single instance in one availability zone
D.Use a single database instance without replication
E.Implement health checks for all instances
AnswersA, B, E

Availability zones are isolated within a region; using multiple provides fault isolation.

Why this answer

High availability within a region requires distributing resources across availability zones, using load balancers for traffic distribution, and implementing health checks for automatic failover.

57
MCQmedium

A company is running a stateless web application on a public cloud. They expect traffic to spike during certain hours. Which scaling strategy would be most cost-effective and efficient?

A.Using a larger instance type and scheduling scaling actions
B.Pre-provisioning double capacity permanently
C.Horizontal scaling using auto-scaling groups based on CPU utilization
D.Vertical scaling with manual adjustments before anticipated spikes
AnswerC

Auto-scaling adds or removes instances automatically based on demand, optimizing cost and performance.

Why this answer

Horizontal scaling (adding more instances) combined with auto-scaling based on metrics like CPU usage allows the application to handle spikes cost-effectively without over-provisioning.

58
MCQeasy

Which of the following storage types is most suitable for hosting a shared file system that multiple virtual machines need to access concurrently using NFS?

A.Archive storage
B.File storage
C.Block storage
D.Object storage
AnswerB

Correct. File storage supports NFS for concurrent access.

Why this answer

File storage (e.g., EFS, Azure Files) provides a shared file system accessible via NFS or SMB.

59
MCQhard

A company runs a stateless web application on AWS EC2 instances behind an Application Load Balancer. To reduce costs, they want to use the most cost-effective compute option that can handle variable traffic and be interrupted. Which pricing model should they use for the EC2 instances?

A.Dedicated hosts
B.Spot instances
C.Reserved instances
D.On-demand instances
AnswerB

Spot instances are cost-effective and suited for variable, interruption-tolerant workloads.

Why this answer

Spot instances offer significant cost savings but can be interrupted, making them suitable for stateless, fault-tolerant workloads that can handle interruptions.

60
MCQmedium

A company wants to connect its on-premises data center to a public cloud provider with a dedicated, high-bandwidth, low-latency connection. The connection must be private and not traverse the internet. Which connectivity option should be used?

A.Site-to-Site VPN
B.Internet gateway
C.VPC peering
D.Direct Connect or ExpressRoute
AnswerD

These provide dedicated private connections with consistent performance.

Why this answer

Direct Connect (AWS) or ExpressRoute (Azure) provides a dedicated private connection from on-premises to the cloud. VPN uses the internet and has lower performance. Internet gateway is for internet access.

VPC peering connects VPCs within the cloud.

61
Multi-Selectmedium

A company is designing a disaster recovery solution with a recovery time objective (RTO) of 1 hour and a recovery point objective (RPO) of 15 minutes. Which TWO strategies would meet these requirements? (Select TWO.)

Select 2 answers
A.Active-active
B.Hot standby
C.Backup and restore
D.Warm standby
E.Cold standby
AnswersB, D

Hot standby has resources ready and can fail over within minutes, meeting RTO of 1 hour and RPO of 15 minutes.

Why this answer

Hot standby provides near-zero RTO and RPO, while warm standby can achieve RTO of 1 hour and RPO of 15 minutes if properly configured. Cold standby and backup/restore typically have longer RTO/RPO.

62
MCQeasy

Which cloud service model provides the customer with the most control over the operating system and software stack?

A.FaaS
AnswerD

IaaS provides virtual machines, storage, and networking; the customer manages the OS and above.

Why this answer

IaaS provides virtualized computing resources where the customer manages the OS, middleware, and applications. PaaS abstracts the OS, SaaS provides complete applications, and FaaS abstracts the runtime entirely.

63
Multi-Selecthard

A company is migrating its on-premises application to a public cloud. The application consists of a web server, an application server, and a database. They want to minimize management overhead while ensuring the application can scale automatically. Which THREE cloud service models should they consider for each component to achieve this goal? (Select THREE.)

Select 3 answers
A.SaaS for database
B.PaaS for database
C.IaaS for web server
D.PaaS for application server
E.PaaS for web server
AnswersB, D, E

Managed database services like RDS offer auto-scaling and reduced management.

Why this answer

For the web server: PaaS (e.g., AWS Elastic Beanstalk) can manage the runtime and scaling. For the application server: PaaS also works. For the database: PaaS (e.g., Amazon RDS) provides a managed database with auto-scaling.

IaaS would require more management of the OS and scaling. SaaS is a complete application and is not appropriate for custom components. FaaS could be used but is more granular.

64
MCQeasy

Which of the following is a characteristic of serverless computing (FaaS)?

A.You pay for allocated resources regardless of usage
B.You are charged per execution or compute time
C.You must manage the underlying servers
D.You have to provision capacity in advance
AnswerB

Pay-per-execution is a key serverless feature.

Why this answer

FaaS executes code in response to events and charges only for the compute time consumed.

65
MCQmedium

A company uses AWS and Azure for redundancy. They deploy the same application on both clouds to avoid vendor lock-in and improve disaster recovery. Which cloud deployment model is this?

A.Community cloud
B.Hybrid cloud
C.Private cloud
D.Multi-cloud
AnswerD

Multi-cloud uses multiple public clouds.

Why this answer

Multi-cloud uses multiple public cloud providers for redundancy and best-of-breed services.

66
MCQeasy

Which storage type is most appropriate for a shared file system that multiple virtual machines need to mount simultaneously with read/write access?

A.Archive storage
B.File storage
C.Object storage
D.Block storage
AnswerB

File storage provides a shared file system accessible by multiple VMs.

Why this answer

File storage (e.g., Amazon EFS, Azure Files) provides a shared file system that can be mounted by multiple VMs. Block storage is attached to a single VM. Object storage does not support file system semantics like locking.

Archive storage is for long-term cold data.

67
Multi-Selecthard

A company is designing a highly available architecture for a critical application. The solution must tolerate the failure of an entire availability zone. Which TWO design principles should be implemented? (Choose two.)

Select 2 answers
A.Deploy instances in a single availability zone
B.Use RAID 0 for all instance storage
C.Use a single load balancer without health checks
D.Use a load balancer with health checks and cross-zone load balancing
E.Deploy instances across multiple availability zones
AnswersD, E

Correct. Health checks and cross-zone balancing help route traffic to healthy instances.

Why this answer

To tolerate an AZ failure, deploy across multiple AZs and use active-active or active-passive with failover. Deploying across multiple AZs and using a load balancer with health checks to route traffic away from a failed AZ are therefore the correct choices.

68
MCQeasy

Which cloud service model gives the customer the most control over the operating system and applications, while the provider manages the physical hardware, network, and storage?

A.FaaS
AnswerD

IaaS provides VMs, storage, networking; customer manages OS and above.

Why this answer

IaaS provides virtualized computing resources where the customer manages the OS, applications, and middleware, while the provider manages the underlying infrastructure.

69
MCQeasy

A company decides to use AWS for compute and Azure for storage to leverage best-of-breed services. This is an example of which cloud deployment model?

A.Multi-cloud
B.Community cloud
C.Public cloud
D.Hybrid cloud
AnswerA

Using multiple public cloud providers for different services is multi-cloud.

Why this answer

Multi-cloud refers to using multiple public cloud providers simultaneously.

70
MCQhard

A company uses an auto-scaling group to handle variable web traffic. The scaling policy is based on CPU utilization. However, during a flash sale, the application experiences a sudden spike in traffic, and the auto-scaling group takes too long to launch new instances. Which design change would most effectively reduce the time to scale out?

A.Use larger instance types to handle more traffic
B.Lower the CPU utilization threshold
C.Increase the cooldown period
D.Use scheduled scaling to pre-warm instances before the sale
AnswerD

Proactive scaling reduces response time.

Why this answer

Using a predictive scaling policy or scheduled scaling can anticipate traffic spikes and pre-warm instances, reducing launch delay. By contrast, increasing the cooldown period would slow scaling. Lowering the threshold would cause earlier scaling but would not necessarily reduce launch time.

Using larger instances is vertical scaling, not addressing launch delay.

71
Multi-Selectmedium

A cloud architect is reviewing costs for a production environment. The environment uses a mix of EC2 instances and RDS databases. Which THREE of the following are effective cost optimization strategies?

Select 3 answers
A.Use reserved instances for baseline capacity
B.Implement storage lifecycle policies to move old data to cheaper storage tiers
C.Use all SSD storage for all data to maximize performance
D.Rightsize instances based on actual utilization metrics
E.Run all instances 24/7 to ensure availability
AnswersA, B, D

Reserved instances offer significant discounts for predictable workloads.

Why this answer

Reserved instances provide discounts for steady-state usage. Storage lifecycle policies move data to cheaper tiers over time. Rightsizing ensures resources match workload requirements, reducing waste.

Using all SSD even for cold data is expensive. Running instances 24/7 when not needed increases costs unnecessarily.

72
MCQmedium

A cloud architect is choosing a compute pricing model for a batch processing job that runs for 2 hours every night. The job can be interrupted. Which option is most cost-effective?

A.Reserved instances for 1 year
B.Spot instances
C.On-demand instances
D.Dedicated hosts
AnswerB

Spot instances are cheaper and suitable for interruptible workloads.

Why this answer

Spot instances are the most cost-effective option because the batch processing job is fault-tolerant (can be interrupted) and runs for a fixed, short duration (2 hours nightly). Spot instances offer significant discounts (often 60-90% off on-demand pricing) by leveraging unused cloud capacity, which can be reclaimed with a 2-minute warning. This aligns perfectly with the workload's tolerance for interruption and its predictable but non-critical schedule.

Exam trap

Cisco often tests the misconception that Reserved instances are always cheaper for any recurring workload, but the trap here is that the short, interruptible nature of the job makes spot instances far more cost-effective than committing to a long-term reservation.

How to eliminate wrong answers

Option A is wrong because Reserved instances require a 1-year or 3-year commitment and are designed for steady-state, always-on workloads; paying upfront for a full year to cover only 2 hours per night is wasteful and not cost-effective. Option C is wrong because On-demand instances charge per hour with no discount, making them more expensive than spot instances for a batch job that can tolerate interruptions. Option D is wrong because Dedicated hosts are physical servers dedicated to a single customer, incurring high costs for full server capacity regardless of usage; they are intended for compliance or licensing needs, not for cost optimization on an interruptible batch job.

73
MCQmedium

A cloud architect is designing a highly available web application on AWS. The application must continue serving traffic even if an entire AWS Availability Zone fails. Which architecture should the architect implement?

A.Active-passive in a single Availability Zone
B.Active-active across two Availability Zones
C.Vertical scaling on a single instance
D.Active-passive across two regions
AnswerB

Active-active across zones allows continued service if one zone fails.

Why this answer

Active-active architecture across multiple Availability Zones ensures that if one zone fails, traffic is routed to the remaining healthy zones, providing high availability.

74
MCQmedium

A company uses Azure and wants to connect its on-premises data center to Azure with a dedicated, private, and high-bandwidth connection. Which service should the company use?

A.Azure ExpressRoute
B.Site-to-Site VPN
C.Azure Front Door
D.Azure VPN Gateway
AnswerA

ExpressRoute is a dedicated private connection ideal for high-bandwidth and low-latency needs.

Why this answer

Azure ExpressRoute provides a dedicated private connection from on-premises to Azure, offering higher bandwidth and reliability than VPN.

75
MCQmedium

A company is deploying a web application that requires high availability across two geographically separate data centers. The application must be active in both sites simultaneously, and traffic must be load-balanced between them. Which architecture best meets these requirements?

A.Active-active architecture
B.Active-passive architecture
C.Fault-tolerant N+1 architecture
D.Warm standby architecture
AnswerA

Both sites are active and load-balanced, meeting the requirement.

Why this answer

Active-active architecture allows both sites to handle traffic simultaneously, providing load balancing and high availability. Active-passive would leave one site idle. Warm standby implies one site is not fully active.

Fault tolerance (N+1) is a component-level concept, not a site-level architecture.
