CCNA Clp Deployment Questions

75 of 127 questions · Page 1/2 · Clp Deployment topic · Answers revealed

1
MCQmedium

An organization uses AWS CloudFormation to deploy resources across multiple AWS accounts. They need to manage a common set of resources in several accounts from a single template. Which CloudFormation feature should they use?

A.Change sets
B.Nested stacks
C.Drift Detection
D.StackSets
AnswerD

StackSets enable deployment of stacks across multiple accounts and regions.

Why this answer

StackSets allow deploying stacks across multiple accounts and regions. Change sets show changes before execution; Drift Detection detects configuration drift; Nested stacks are for reusability within a single account.

2
Multi-Selecteasy

A cloud administrator is planning to migrate a large on-premises database (several TB) to Amazon RDS with minimal downtime. Which TWO AWS services should be considered for this migration?

Select 2 answers
A.AWS Database Migration Service
B.AWS Schema Conversion Tool
C.AWS DataSync
D.AWS Snowball
E.S3 Transfer Acceleration
AnswersA, B

DMS supports minimal downtime migrations via CDC.

Why this answer

AWS Database Migration Service (DMS) can perform online migrations with minimal downtime using CDC. Schema Conversion Tool helps convert database schema if needed.

3
Multi-Selecthard

A data scientist is migrating a 10 TB on-premises PostgreSQL database to Amazon RDS for PostgreSQL. The migration must have minimal downtime. Which TWO AWS services should the data scientist use together to achieve this? (Select TWO.)

Select 2 answers
A.AWS Snowball
B.AWS Direct Connect
C.AWS Schema Conversion Tool (SCT)
D.AWS Database Migration Service (DMS)
E.AWS DataSync
AnswersB, D

Direct Connect provides stable network for DMS replication.

Why this answer

AWS DMS supports ongoing replication via CDC, enabling minimal downtime. Schema Conversion Tool (SCT) is needed if converting to a different engine, but for PostgreSQL to RDS PostgreSQL, it's not required. However, SCT can still be used to assess and optimize schema.

AWS DataSync is for file transfers, not databases. Snowball is for offline transfer, not minimal downtime. Direct Connect improves network but not replication.

4
Multi-Selectmedium

A cloud engineer is using Terraform to manage infrastructure and wants to store the state file remotely for team collaboration. Which THREE backends support state locking and encryption at rest?

Select 3 answers
A.Azure Blob Storage
B.Google Cloud Storage (GCS)
C.AWS S3 with DynamoDB for locking
D.HashiCorp Consul
E.Git repository
AnswersA, B, C

Azure Blob Storage supports state locking with lease blobs.

Why this answer

AWS S3 with DynamoDB locks, Azure Blob Storage with leasing, and GCS with object versioning all support locking and encryption. Terraform Cloud also does, but it's not listed. Git and Consul are not recommended for production state.

5
MCQmedium

A company is adopting a blue/green deployment strategy for their web application running on AWS. They have two identical environments (blue and green) behind an Application Load Balancer. What must they change to switch traffic from blue to green?

A.Restart the web server on the green environment
B.Update the security group for the green environment
C.Change the DNS record to point to the green environment's IP
D.Modify the Auto Scaling group to replace blue instances
AnswerC

In a blue/green deployment, you can switch traffic by updating DNS or the load balancer target group. Changing DNS is a valid method.

Why this answer

In a blue/green deployment, you switch traffic by updating the target group attached to the load balancer from the blue environment to the green environment, or by updating DNS records. The most common method is to modify the load balancer's listener rules or target groups.

6
Multi-Selectmedium

A development team is adopting Kubernetes for container orchestration. They need to ensure that a new deployment can handle rolling updates and automatically recover from pod failures. Which THREE Kubernetes concepts should be included in the deployment manifest?

Select 3 answers
A.Readiness probe
B.Service
C.Deployment
D.Liveness probe
E.StatefulSet
AnswersA, C, D

Readiness probe indicates when a pod is ready to receive traffic.

Why this answer

Deployment resource manages rolling updates. Readiness probes ensure traffic is sent only to ready pods. Liveness probes restart unhealthy pods.

7
MCQmedium

A company wants to deploy a new version of a web application with zero downtime. They decide to use a blue/green deployment strategy. Which action is essential to switching traffic from the blue environment to the green environment?

A.Scale down the blue environment before traffic is switched
B.Deploy a canary release that sends 10% of traffic to green first
C.Update the load balancer target group to point to the green environment
D.Modify the DNS TTL to 0 and update A records
AnswerC

Correct. Changing the load balancer routing effectively shifts traffic.

Why this answer

In a blue/green deployment, the load balancer is the traffic router. Updating the load balancer target group to point to the green environment is essential because it instantly shifts production traffic from the blue (current) to the green (new) environment without downtime. This action ensures the load balancer forwards requests to the healthy green targets, completing the cutover.

Exam trap

Cisco often tests the distinction between DNS-based traffic switching (which has propagation delays and is not instantaneous) and load balancer target group updates (which provide immediate, atomic traffic shifting), leading candidates to incorrectly choose DNS modifications for zero-downtime blue/green deployments.

How to eliminate wrong answers

Option A is wrong because scaling down the blue environment before switching traffic would cause downtime if the switch fails or is delayed; the blue environment must remain fully operational until traffic is confirmed on green. Option B is wrong because a canary release (sending 10% of traffic to green) is a separate progressive delivery strategy, not a required step for a standard blue/green deployment, which aims for an immediate full cutover. Option D is wrong because modifying DNS TTL to 0 and updating A records is a DNS-based traffic shift that introduces propagation delays and is not the immediate, atomic switch provided by a load balancer target group update; blue/green deployments typically rely on the load balancer, not DNS changes, for zero-downtime traffic switching.

8
MCQmedium

A DevOps team is implementing a CI/CD pipeline using Jenkins. They want to ensure that code is automatically built, tested, and deployed to a staging environment before manual approval for production. Which stage should include the deployment to staging?

A.Build
B.Deploy
C.Source
D.Verify
AnswerB

Deploy stage pushes artifacts to environments like staging.

Why this answer

In a typical CI/CD pipeline, the deploy stage follows build and test, and before production.

9
Multi-Selecthard

An organization uses Azure DevOps for CI/CD and needs to deploy serverless functions written in multiple languages. The functions must be triggered by HTTP requests and handle background processing from Azure Blob Storage events. Which THREE Azure services should be used to build this solution?

Select 3 answers
A.Azure API Management
B.Azure Logic Apps
C.Azure Blob Storage
D.Azure Functions
E.Azure Application Insights
AnswersA, C, D

API Management can expose HTTP triggers and manage APIs.

Why this answer

Azure Functions is the compute service. API Management provides HTTP triggers with management. Azure Blob Storage can trigger functions via event subscriptions (Event Grid).

Logic Apps is for workflows, not functions. Application Insights is for monitoring.

10
MCQeasy

A cloud engineer is writing a Terraform configuration to provision an AWS EC2 instance. They need to pass the AMI ID as a variable to make the configuration reusable. Which Terraform block should be used to define the variable?

A.output
B.provider
C.variable
D.resource
AnswerC

Correct block for input variables.

Why this answer

Variables are defined using the 'variable' block. 'resource' declares resources; 'provider' configures providers; 'output' defines outputs.

11
MCQeasy

A cloud administrator needs to migrate 100 TB of data from an on-premises NAS to Google Cloud Storage. The on-premises network bandwidth is limited to 100 Mbps. Which service should be used to accelerate the transfer?

A.Azure Data Box
B.Storage Transfer Service
C.AWS DataSync
D.Snowball
AnswerB

GCP Storage Transfer Service can transfer data from HTTP/HTTPS and cloud providers, but for on-premises, it's used with a staging area; however, it's the correct GCP service for large transfers.

Why this answer

Google Cloud Storage Transfer Service (also known as Storage Transfer Service) can accelerate transfers, but for large datasets over slow networks, offline options like Transfer Appliance are better. However, among the options, Storage Transfer Service is the GCP service for online transfer, but the question implies acceleration. Actually, for GCP, the correct service is Storage Transfer Service.

But note: GCP also has Transfer Appliance for offline. But option B is correct as per common knowledge.

12
MCQeasy

A developer wants to deploy an application using Azure Bicep. What is a key benefit of using Bicep over ARM templates?

A.Bicep has simpler, more readable syntax than ARM JSON
B.Bicep can be used to manage any cloud provider
C.Bicep eliminates the need for resource providers
D.Bicep supports imperative scripting
AnswerA

Correct. Bicep reduces complexity with a concise syntax.

Why this answer

Bicep is a domain-specific language that simplifies authoring ARM templates by providing a cleaner syntax, modularization, and code reuse. It compiles to ARM JSON templates.

13
MCQmedium

A company is adopting a canary deployment strategy for a microservice running on Kubernetes. They want to initially route 5% of traffic to the new version and monitor for errors before increasing. Which Kubernetes resource is best suited to implement this traffic splitting?

A.ConfigMap
B.Ingress resource
C.Service with multiple Deployments and replica scaling
D.HorizontalPodAutoscaler
AnswerC

Correct. By running two Deployments (stable and canary) and scaling replicas, the Service distributes traffic proportionally based on pod counts.

Why this answer

Service meshes like Istio provide traffic routing capabilities, but in native Kubernetes, a Service can be used with multiple Deployments, but traffic splitting is not native. However, using a Service with label selectors that match both versions and manually adjusting replica counts is a common approach, but more advanced canary deployments use tools like Flagger or Istio. Among the options, a Service with a canary Deployment and adjusting replicas is most straightforward.

14
MCQeasy

A cloud administrator needs to transfer 50 TB of data from an on-premises NAS to Amazon S3. The office has limited bandwidth (50 Mbps). Which service is most suitable for this offline transfer?

A.AWS VPN
B.AWS DataSync
C.AWS Snowball
D.S3 Transfer Acceleration
AnswerC

Snowball is a physical device for offline transfer, suitable for large data volumes over limited bandwidth.

Why this answer

AWS Snowball is designed for large offline data transfers where network bandwidth is limited. Physical devices are shipped to transfer data.

15
MCQmedium

A company uses GitLab CI for its CI/CD pipeline. The pipeline includes a 'deploy' job that runs only when a tag is pushed. Which GitLab CI keyword should be used to control job execution based on tags?

A.stage
B.except
C.only
D.needs
AnswerC

'only: tags' restricts job to tags.

Why this answer

The 'only' keyword (or 'rules') in GitLab CI specifies conditions for job execution. 'only: tags' ensures the job runs only for tags.

16
MCQmedium

A company wants to deploy a Kubernetes application across multiple AWS accounts using a single set of manifests. The team needs to manage the deployment centrally while allowing each account to have its own configuration values (e.g., environment-specific variables). Which approach should the team use?

A.Use Terraform workspaces with Kubernetes provider
B.Use Helm charts with per-environment values files
C.Use CloudFormation StackSets with Kubernetes resources
D.Create separate manifests for each account
AnswerB

Helm allows centralized chart management with values overrides per environment.

Why this answer

Helm charts package Kubernetes manifests and support parameterization via values files, allowing centralized deployment with per-environment overrides.

17
MCQmedium

An organization uses CloudFormation to manage infrastructure across multiple AWS accounts. The team wants to deploy a common set of resources, such as VPCs and security groups, to all accounts in a consistent manner. Which CloudFormation feature should they use?

A.Change sets
B.Drift detection
C.StackSets
D.Nested stacks
AnswerC

StackSets enable multi-account deployments.

Why this answer

StackSets allow deploying stacks across multiple accounts and regions. Change sets preview changes, drift detection checks for manual changes, and nested stacks organize templates within a single account.

18
MCQmedium

A developer is deploying a serverless application using AWS Lambda. They want to reuse common code (e.g., database connection logic) across multiple functions without duplicating it. Which Lambda feature should they use?

A.Lambda versions
B.Lambda aliases
C.Lambda layers
D.Lambda environment variables
AnswerC

Layers are used to centrally manage code and data shared across multiple functions.

Why this answer

Lambda Layers allow you to package and share code across multiple functions, enabling code reuse and reducing deployment package size.

19
MCQmedium

A cloud engineer needs to deploy a containerized application on Amazon EKS. The application requires a persistent storage volume that can be dynamically provisioned. Which Kubernetes resource should be used to request storage?

A.PersistentVolume
B.PersistentVolumeClaim
C.StorageClass
D.ConfigMap
AnswerB

PVC is a request for storage by a pod.

Why this answer

A PersistentVolumeClaim (PVC) is the correct Kubernetes resource to request storage because it acts as a request for storage by a pod, specifying size, access modes, and optionally a StorageClass. In Amazon EKS, a PVC can trigger dynamic provisioning of an EBS or EFS volume via a StorageClass, decoupling the storage request from the underlying PersistentVolume. This allows the cloud engineer to deploy the containerized application without manually pre-provisioning storage.

Exam trap

Cisco often tests the distinction between a PersistentVolume (the actual storage resource) and a PersistentVolumeClaim (the request for storage), leading candidates to mistakenly select PV when the question asks for the resource that 'requests' storage.

How to eliminate wrong answers

Option A is wrong because a PersistentVolume (PV) is a cluster resource representing pre-provisioned storage, not a request for storage; it is the backend volume that a PVC binds to. Option C is wrong because a StorageClass defines the storage type and provisioner (e.g., 'ebs.csi.aws.com') but does not itself request storage; it is referenced by a PVC to enable dynamic provisioning. Option D is wrong because a ConfigMap is used to inject configuration data (key-value pairs) into pods, not for persistent storage requests.

20
MCQmedium

An Azure administrator needs to deploy a cloud-native application using Azure DevOps. The team wants to define the entire Azure infrastructure as code using a declarative language that is concise and integrated with Azure. Which tool should the administrator use?

A.Terraform
B.Bicep
C.Ansible
D.ARM templates (JSON)
AnswerB

Bicep is a declarative language for Azure that transpiles to ARM templates, offering a cleaner syntax.

Why this answer

Bicep is a domain-specific language for deploying Azure resources that provides a simpler syntax than ARM templates while being fully integrated with Azure.

21
MCQmedium

During a CI/CD pipeline for a web application, the team wants to reduce risk by deploying a new version to a small percentage of users initially, monitoring for errors, and automatically rolling back if issues are detected. Which deployment strategy should they implement?

A.Blue/green deployment
B.Rolling deployment
C.In-place deployment
D.Canary deployment
AnswerD

Routes a small percentage of traffic to new version and monitors.

Why this answer

Canary deployment releases to a subset of users and includes monitoring and automatic rollback. Blue/green uses two full environments and switch traffic; rolling updates gradually replace instances; in-place updates replace instances without traffic shifting.

22
MCQhard

An organization uses Terraform to manage multi-cloud infrastructure across AWS and Azure. The state file must be stored securely with locking to prevent concurrent modifications. Which backend configuration should the team use?

A.GitHub repository with Terraform Cloud agent
B.Azure DevOps pipeline variable group
C.AWS S3 bucket with DynamoDB table for locking
D.Local file system with .terraform.lock.hcl
AnswerC

S3 stores state; DynamoDB provides state locking, preventing concurrent operations.

Why this answer

Terraform supports remote backends like AWS S3 with DynamoDB for state locking, which provides both state storage and locking. Azure Blob Storage can also be used with blob lease locking.

23
MCQhard

An organization is migrating a MySQL database to Amazon Aurora with minimal downtime. The migration must capture ongoing changes from the source database and apply them to the target during the cutover. Which AWS Database Migration Service (DMS) feature should be used?

A.Validation
B.Change data capture (CDC)
C.Full load only
D.Schema conversion
AnswerB

CDC enables continuous replication of changes, allowing minimal downtime migration.

Why this answer

AWS DMS supports ongoing replication using change data capture (CDC), which continuously replicates changes from the source to the target with minimal downtime.

24
MCQmedium

An organization is using CloudFormation to manage AWS infrastructure. They need to detect if any manual changes have been made to resources outside of CloudFormation. Which CloudFormation feature should they use?

A.Change sets
B.Drift detection
C.Stack sets
D.Resource signals
AnswerB

Correct. Drift detection identifies resources that have drifted from the template definition.

Why this answer

CloudFormation drift detection compares the current state of resources with the expected state defined in the stack template. It identifies resources that have been modified manually, known as drift.

25
MCQeasy

A cloud architect is designing a deployment pipeline using GitHub Actions. They want to automatically run tests on every push to the main branch. Which GitHub Actions component defines the automation workflow?

A.Job
B.Step
C.Action
D.Workflow
AnswerD

A workflow is the top-level automation unit.

Why this answer

A workflow is a configurable automated process defined in YAML in the .github/workflows directory.

26
Multi-Selectmedium

A cloud architect is designing a CI/CD pipeline for a critical application that requires zero-downtime deployments. The architect wants to gradually shift traffic to the new version while monitoring for errors and automatically rolling back if issues are detected. Which TWO deployment strategies should the architect consider? (Select TWO.)

Select 2 answers
A.Blue/green deployment
B.Rolling deployment
C.Immutable deployment
D.A/B testing deployment
E.Canary deployment
AnswersA, E

Blue/green switches traffic and can rollback quickly.

Why this answer

Canary and blue/green both support gradual traffic shift and rollback. Rolling updates are gradual but may not have automatic rollback based on monitoring. A/B testing is not a deployment strategy.

Immutable deployments replace instances but not gradual.

27
MCQhard

A DevOps engineer is configuring a Kubernetes deployment for a microservices application. The application requires that new pods receive traffic only after a health check endpoint returns HTTP 200. Which Kubernetes feature should be configured on the pods?

A.Startup probe
B.Liveness probe
C.Resource limits
D.Readiness probe
AnswerD

Readiness probes indicate when a pod is ready to serve traffic; Kubernetes only sends traffic to pods with a successful readiness probe.

Why this answer

Readiness probes determine whether a pod is ready to receive traffic; only when the probe succeeds is the pod added to service endpoints.

28
Multi-Selecteasy

A cloud engineer is writing Ansible playbooks to automate the configuration of cloud resources. Which TWO statements about Ansible are true?

Select 2 answers
A.Ansible requires an agent installed on each managed node.
B.Ansible uses a declarative language like HCL.
C.Ansible uses YAML for playbook syntax.
D.Ansible modules are used to interact with cloud providers.
E.Ansible is a CI/CD pipeline tool.
AnswersC, D

Playbooks are written in YAML.

Why this answer

Ansible is agentless (uses SSH/WinRM) and uses YAML for playbooks. It requires Python on control node, not agents on target hosts. It is not primarily for orchestration of CI/CD pipelines.

29
MCQmedium

A cloud architect is creating a Terraform configuration to deploy resources in AWS. The architect needs to store the state file in a remote backend that supports state locking and encryption at rest. Which backend should the architect configure?

A.Local file system with Terraform Cloud
B.S3 with DynamoDB for state locking
C.Azure Blob Storage with a lease blob for locking
D.Google Cloud Storage with object versioning
AnswerB

S3 backend with DynamoDB provides remote state and locking.

Why this answer

S3 with DynamoDB for locking is a recommended backend for Terraform state in AWS. Azure Blob Storage is for Azure, GCS for GCP, and local backend does not support remote state or locking.

30
Multi-Selectmedium

An organization is moving 100 TB of archival data from on-premises to Google Cloud Storage. The network bandwidth is limited to 10 Mbps, and the migration must complete within two weeks. Which THREE methods should the team consider?

Select 2 answers
A.Google Cloud Storage Transfer Service for on-premises data
B.Direct peering with Google Cloud
C.Google Cloud Data Transfer Appliance
D.Partner edge appliance (e.g., from compatible partner)
E.Google Cloud Storage Transfer Service for inter-cloud transfer
AnswersC, D

Offline physical device for large data transfer.

Why this answer

Option C is correct because the Google Cloud Data Transfer Appliance is a physical device designed for offline transfer of large datasets (up to 100 TB) when network bandwidth is insufficient. With 10 Mbps bandwidth, transferring 100 TB would take approximately 926 days (100 TB * 1024 GB/TB * 8 bits/byte / 10 Mbps / 86400 seconds/day), far exceeding the two-week deadline. The appliance allows shipping the data directly to Google for ingestion, bypassing network constraints entirely.

Exam trap

Cisco often tests the misconception that cloud transfer services or network optimizations like peering can overcome severe bandwidth limitations, when in reality physical appliance-based solutions are required for large datasets over constrained links.

31
MCQmedium

A company is deploying a new version of a microservice on Amazon EKS. The deployment must ensure that new pods are created and become healthy before old pods are terminated. The current deployment uses a ReplicaSet. Which Kubernetes resource and strategy should be used?

A.ReplicaSet with RollingUpdate strategy
B.DaemonSet with RollingUpdate
C.Deployment with RollingUpdate strategy
D.StatefulSet with OnDelete strategy
AnswerC

Deployment provides rolling updates ensuring new pods are healthy before old ones are removed.

Why this answer

A Deployment manages ReplicaSets and supports a RollingUpdate strategy that creates new pods and waits for them to become ready before terminating old ones.

32
MCQeasy

A cloud engineer needs to deploy a serverless function that runs when a new object is uploaded to an S3 bucket. Which AWS service event trigger should be configured?

A.API Gateway
B.EventBridge
C.S3
D.SQS
AnswerC

S3 can invoke Lambda directly on object creation events.

Why this answer

Amazon S3 can directly invoke AWS Lambda when a new object is uploaded by configuring an S3 event notification on the bucket. This native integration allows the S3 service to trigger the function without any intermediary service, making option C the correct choice for a serverless function triggered by an S3 upload event.

Exam trap

Cisco often tests the distinction between direct service integrations (S3 → Lambda) and event bus patterns (EventBridge), where candidates may overcomplicate by choosing EventBridge when the native S3 trigger is simpler and sufficient.

How to eliminate wrong answers

Option A is wrong because API Gateway is a service for creating RESTful or WebSocket APIs to front-end applications or services, not for directly triggering functions from S3 events; it would require an additional integration layer. Option B is wrong because EventBridge is a serverless event bus for routing events between AWS services and custom applications, but S3 can send events directly to Lambda without needing EventBridge as an intermediary. Option D is wrong because SQS is a message queue service that decouples components, not a direct trigger for Lambda from S3; while S3 can send events to SQS, the queue would then need to be polled by a consumer, adding latency and complexity.

33
MCQhard

A company is using Azure to host a web application. The application is deployed using ARM templates. The operations team has noticed that some resources have been manually modified via the Azure portal, causing configuration drift. The team wants to detect these changes and optionally revert them to the template-defined state. Which Azure feature should they use?

A.Azure Policy
B.Azure Blueprints
C.Azure Resource Graph with drift detection
D.Resource Manager template what-if operation
AnswerC

Resource Graph can query state, and drift detection compares to template.

Why this answer

Azure Resource Graph provides a query interface to explore Azure resources across subscriptions. When combined with drift detection, it can compare the current configuration of resources against the desired state defined in an ARM template. This allows the team to identify manual modifications and optionally trigger remediation to reapply the template.

While Azure Policy enforces compliance and Blueprints orchestrate deployments, Resource Graph specifically enables drift detection and remediation for ARM template deployments.

34
MCQmedium

A DevOps team is setting up a CI/CD pipeline using GitHub Actions. They want the pipeline to automatically deploy a containerized application to a Kubernetes cluster only when changes are pushed to the main branch. Which GitHub Actions component should they use to trigger the deployment?

A.A cron job that checks the repository every hour
B.A GitHub webhook configured in the repository settings
C.A pull request review requirement
D.A workflow with an on.push trigger for the main branch
AnswerD

Correct. The on.push event triggers the workflow on push to specified branches.

Why this answer

GitHub Actions workflows are defined in YAML and can include an 'on' trigger specifying events such as push to a branch. This allows automation of the deployment when code is pushed to main.

35
MCQhard

A company uses Azure DevOps to deploy a critical application. They need to implement a deployment strategy that ensures zero downtime by directing all traffic to the new environment after validation, while keeping the old environment as a fallback. Which deployment strategy should be configured in the Azure Pipelines release pipeline?

A.Canary deployment
B.In-place deployment
C.Blue/green deployment
D.Rolling deployment
AnswerC

Switches traffic from blue to green after validation, keeping blue as fallback.

Why this answer

Blue/green deployment is the correct strategy because it maintains two identical environments (blue and green) and switches the router or load balancer to direct all traffic to the new (green) environment only after validation is complete. The old (blue) environment remains untouched and can serve as an immediate fallback if issues arise, ensuring zero downtime during the cutover.

Exam trap

Cisco often tests the distinction between canary and blue/green by emphasizing 'gradual traffic shift' versus 'instant full cutover with fallback,' leading candidates to confuse canary's incremental rollout with the zero-downtime fallback requirement.

How to eliminate wrong answers

Option A is wrong because canary deployment gradually shifts a small percentage of traffic to the new version before full rollout, which does not guarantee zero downtime for all users during the initial validation phase and does not keep the old environment as a full fallback. Option B is wrong because in-place deployment updates the existing environment directly, causing downtime during the update process and no fallback environment is preserved. Option D is wrong because rolling deployment replaces instances incrementally, which can cause temporary capacity reduction or version mismatch during the update, and it does not maintain a complete fallback environment.

36
Multi-Selecthard

A cloud team uses Azure Bicep for deploying resources. They need to create a modular deployment that includes a virtual network and a subnet. Which THREE best practices should they follow when authoring Bicep files? (Choose three.)

Select 3 answers
A.Use hard-coded resource names to ensure consistency.
B.Use modules to encapsulate and reuse resource definitions.
C.Use symbolic names for resources to reference them elsewhere in the file.
D.Use parameters for configurable values like address prefixes.
E.Define all resources in a single file for simplicity.
AnswersB, C, D

Modules promote modularity.

Why this answer

Using parameters for configurable values, using modules for reuse, and using symbolic names for resource references are best practices.

37
MCQmedium

A DevOps team uses Ansible to automate cloud resource provisioning. Which of the following best describes Ansible's architecture?

A.It uses a declarative language similar to Terraform.
B.It uses a master-server architecture with a central controller.
C.It requires an agent installed on each managed node.
D.It is agentless and uses SSH or WinRM to execute tasks.
AnswerD

Correct. Ansible uses SSH (Linux) or WinRM (Windows) without agents.

Why this answer

Ansible is agentless and uses SSH or WinRM to connect to managed nodes, executing YAML playbooks.

38
MCQmedium

An organization is implementing a CI/CD pipeline for a critical application. The team wants to deploy a new version to a small subset of users initially to validate performance and functionality before rolling out to the entire user base. Which deployment strategy best fits this requirement?

A.Rolling deployment
B.Blue/green deployment
C.Immutable deployment
D.Canary deployment
AnswerD

Canary deployment routes a small percentage of traffic to the new version, allowing monitoring before full rollout.

Why this answer

Canary deployment releases the new version to a small percentage of users, monitors its performance, and gradually increases traffic if successful.

39
MCQeasy

A DevOps team uses Terraform to manage cloud infrastructure. They want to store the state file in a remote backend to enable team collaboration. Which backend configuration stores Terraform state in an S3 bucket?

A.backend 'consul'
B.backend 'azurerm'
C.backend 's3'
D.backend 'gcs'
AnswerC

This is the correct backend for AWS S3.

Why this answer

Option C is correct because Terraform's 's3' backend is specifically designed to store state files in an AWS S3 bucket, enabling team collaboration through remote state locking and versioning. This backend uses the AWS SDK to interact with S3, supporting features like DynamoDB-based state locking and encryption with KMS.

Exam trap

Cisco often tests the specific backend names mapped to cloud providers, and the trap here is that candidates may confuse 's3' with a generic storage term or assume 'azurerm' or 'gcs' are interchangeable, when each is tied to a distinct cloud platform.

How to eliminate wrong answers

Option A is wrong because the 'consul' backend stores state in HashiCorp Consul, a service mesh and key-value store, not in an S3 bucket. Option B is wrong because the 'azurerm' backend stores state in Azure Blob Storage, not in AWS S3. Option D is wrong because the 'gcs' backend stores state in Google Cloud Storage, not in AWS S3.

40
MCQmedium

A company is moving a 10 TB SQL Server database to Azure SQL Database. They need to migrate with minimal downtime while keeping the source database operational. Which service should they use?

A.Azure Database Migration Service (DMS)
B.Azure Data Sync
C.Azure Import/Export Service
D.Azure Data Box
AnswerA

Azure DMS supports online migrations with minimal downtime.

Why this answer

Azure Database Migration Service supports online migrations with minimal downtime using continuous sync (CDC) from SQL Server to Azure SQL Database.

41
MCQhard

A company is migrating a 50 TB on-premises SQL Server database to Amazon RDS for MySQL with minimal downtime. The schema must be converted from SQL Server to MySQL. Which combination of AWS services should the cloud architect use?

A.AWS DMS and AWS Schema Conversion Tool (SCT)
B.AWS Database Migration Service (DMS) only
C.AWS Snowball and AWS DMS
D.AWS DataSync and AWS Schema Conversion Tool (SCT)
AnswerA

DMS handles migration and replication; SCT converts schema.

Why this answer

AWS DMS can migrate data with minimal downtime using CDC. Schema Conversion Tool (SCT) converts the schema from SQL Server to MySQL. DMS then performs the ongoing replication.

42
Multi-Selectmedium

A cloud team is implementing a CI/CD pipeline for a containerized application. They want to automatically build a Docker image, push it to a registry, and deploy it to a Kubernetes cluster. Which TWO tools from the options below are commonly used as part of this pipeline? (Select 2)

Select 2 answers
A.Jenkins
B.CloudFormation
C.GitLab CI
D.Terraform
E.Docker Compose
AnswersA, C

Correct. Jenkins can automate build, push, and deploy steps.

Why this answer

Jenkins and GitLab CI are both CI/CD tools that can build Docker images, push to registries, and deploy to Kubernetes. Terraform and CloudFormation are IaC tools, not CI/CD. Docker Compose is for local development.

43
MCQeasy

A developer is deploying a serverless function that processes images uploaded to an S3 bucket. The function should be triggered automatically whenever a new object is created in the bucket. Which event source should be configured to invoke the Lambda function?

A.Amazon SQS
B.Amazon EventBridge
C.Amazon S3
D.API Gateway
AnswerC

Lambda can be configured to trigger on S3 events such as s3:ObjectCreated:*.

Why this answer

S3 can send events to Lambda when objects are created, enabling automatic processing without polling.

44
MCQeasy

A company needs to migrate 50 TB of data from an on-premises file server to Amazon S3. The network bandwidth is limited and the migration must be completed within one week. Which AWS service is specifically designed for offline data transfer of large datasets?

A.AWS DataSync
B.AWS Snowball
C.Amazon S3 Batch Operations
D.S3 Transfer Acceleration
AnswerB

Snowball is a petabyte-scale data transport device that uses physical shipping for offline transfer.

Why this answer

AWS Snowball is specifically designed for offline data transfer of large datasets, such as 50 TB, when network bandwidth is limited. It provides physical storage devices that are shipped to the customer, loaded with data, and returned to AWS for ingestion into S3, bypassing network constraints entirely. This makes it the ideal choice for completing a 50 TB migration within one week over a limited bandwidth connection.

Exam trap

The trap here is that candidates often confuse AWS DataSync (an online tool) with offline transfer solutions, overlooking that Snowball is the only option designed for physically moving large data when bandwidth is insufficient.

How to eliminate wrong answers

Option A is wrong because AWS DataSync is an online data transfer service that requires network connectivity and is not designed for offline transfer; it would be impractical for 50 TB over limited bandwidth within one week. Option C is wrong because Amazon S3 Batch Operations is used for managing bulk actions on existing S3 objects (e.g., copying, tagging) and does not handle initial data ingestion from on-premises sources. Option D is wrong because S3 Transfer Acceleration is a network optimization feature that speeds up uploads over the internet but still relies on available bandwidth and cannot overcome severe bandwidth limitations for large datasets.

45
MCQmedium

A cloud engineer is writing a Terraform configuration to deploy an AWS EC2 instance. The engineer wants to pass the AMI ID and instance type into the configuration at runtime without hardcoding them. Which Terraform feature should be used?

A.Locals
B.Outputs
C.Variables
D.Data sources
AnswerC

Variables allow you to define inputs that can be provided at runtime via command line, environment variables, or variable files.

Why this answer

Variables in Terraform allow you to define parameters that can be supplied at runtime, making configurations reusable and flexible.

46
MCQeasy

A developer wants to deploy a containerized application on a Kubernetes cluster using a package manager that simplifies deployment and management. Which tool should be used?

A.Docker Compose
B.Helm
C.Terraform
D.Ansible
AnswerB

Helm is the standard Kubernetes package manager.

Why this answer

Helm is the package manager for Kubernetes. It uses charts to define, install, and upgrade complex Kubernetes applications.

47
MCQhard

A team is using Kubernetes for container orchestration. They want to ensure that a new deployment does not cause downtime by gradually updating pods with a rolling update strategy. Which parameter in a Deployment manifest controls the number of pods that can be unavailable during the update?

A.spec.minReadySeconds
B.spec.replicas
C.spec.strategy.rollingUpdate.maxSurge
D.spec.strategy.rollingUpdate.maxUnavailable
AnswerD

Correct. This parameter controls the maximum number of pods that can be unavailable during the update.

Why this answer

The `spec.strategy.rollingUpdate.maxUnavailable` parameter in a Kubernetes Deployment manifest specifies the maximum number of pods that can be unavailable during a rolling update. This ensures that a controlled number of pods are taken down at a time, preventing downtime by maintaining a minimum number of available pods throughout the update process.

Exam trap

The trap here is that candidates often confuse `maxSurge` (which controls extra pods created above the desired count) with `maxUnavailable` (which controls pods that can be taken down), leading them to select option C instead of D.

How to eliminate wrong answers

Option A is wrong because `spec.minReadySeconds` controls how long a newly created pod must be ready before it is considered available, not the number of pods that can be unavailable during an update. Option B is wrong because `spec.replicas` defines the desired number of pod replicas, not the availability constraints during a rolling update. Option C is wrong because `spec.strategy.rollingUpdate.maxSurge` controls the maximum number of pods that can be created above the desired replica count during an update, not the number that can be unavailable.

48
MCQhard

An organization is migrating a 50 TB on-premises Oracle database to Amazon RDS for MySQL with minimal downtime. They plan to use AWS DMS with ongoing replication. Which additional step is necessary to reduce downtime during the final cutover?

A.Use AWS Schema Conversion Tool (AWS SCT) to convert the schema
B.Enable change data capture (CDC) on the source database
C.Increase the allocated storage on the target RDS instance
D.Use AWS Snowball to transfer the initial data load
AnswerB

Correct. CDC allows DMS to capture ongoing changes, enabling near-zero downtime during cutover.

Why this answer

To minimize downtime, after the full load, CDC replication keeps the target in sync. During final cutover, stopping application writes and applying remaining CDC changes completes the migration with very little downtime.

49
Multi-Selecthard

A company needs to migrate a 100 TB on-premises file server to AWS S3. The migration must be completed within two weeks. The network bandwidth is limited to 1 Gbps. Which TWO services should be combined to accomplish this migration within the timeframe? (Select TWO.)

Select 1 answer
A.AWS Server Migration Service (SMS)
B.AWS DataSync
C.AWS Direct Connect
D.AWS Snowball Edge
E.Amazon S3 Transfer Acceleration
AnswersD

Offline device can transfer 100 TB quickly.

Why this answer

Option D (AWS Snowball Edge) is correct because it provides a physical storage device that can transfer 100 TB of data offline, bypassing the 1 Gbps bandwidth limitation. With 1 Gbps, the theoretical maximum transfer over the network would be approximately 10.8 TB per day, requiring over 9 days for 100 TB under ideal conditions, but real-world factors like protocol overhead and contention make two weeks infeasible. Snowball Edge can handle up to 80 TB per device, so two devices can complete the migration well within the two-week window.

Exam trap

The trap here is that candidates often choose DataSync or Transfer Acceleration, assuming they can accelerate transfers sufficiently, but they fail to calculate that even with optimal network conditions, 100 TB over 1 Gbps requires over 9 days of continuous transfer, leaving no margin for real-world inefficiencies or the two-week deadline.

50
MCQeasy

An organization is using Azure DevOps to implement a CI/CD pipeline. In which stage of the pipeline would automated unit tests typically be executed?

A.Deploy
B.Build
C.Verify
D.Source
AnswerB

Build stage compiles and runs unit tests.

Why this answer

Unit tests are typically run in the build stage after compilation. Source is for code fetching, deploy for release, and verify for post-deployment checks.

51
MCQeasy

A company wants to deploy a Lambda function that processes objects uploaded to an S3 bucket. Which event trigger should be configured on the Lambda function?

A.API Gateway
B.CloudWatch Events
C.S3 bucket event notification
D.SQS
AnswerC

S3 can publish events to Lambda when objects are uploaded.

Why this answer

Option C is correct because S3 bucket event notifications can be configured to directly invoke a Lambda function when objects are uploaded. This is the native, serverless integration where S3 publishes an event (e.g., s3:ObjectCreated:Put) to Lambda, triggering the function automatically without any intermediary service.

Exam trap

Cisco often tests the misconception that SQS or CloudWatch Events are required to bridge S3 and Lambda, when in fact S3 can invoke Lambda directly via its event notification feature.

How to eliminate wrong answers

Option A is wrong because API Gateway is used to create RESTful or WebSocket APIs that trigger Lambda functions via HTTP requests, not for S3 object upload events. Option B is wrong because CloudWatch Events (now Amazon EventBridge) is used for scheduling or responding to AWS service events, but it is not the direct trigger for S3 object uploads; S3 can send events directly to Lambda without CloudWatch. Option D is wrong because SQS is a message queue service; while Lambda can poll SQS, S3 can send events directly to Lambda without needing an SQS queue as an intermediary.

52
MCQmedium

A cloud engineer is tasked with deploying a containerized application on Kubernetes. The application must handle varying loads, and the deployment should automatically replace failed containers. Which Kubernetes object should the engineer use to achieve self-healing and scalability?

A.ConfigMap
B.Service
C.Deployment
D.Pod
AnswerC

A Deployment ensures desired number of Pods are running and supports rolling updates.

Why this answer

A Deployment is the correct Kubernetes object because it manages ReplicaSets to provide declarative updates, self-healing (automatic replacement of failed pods), and scalability (adjusting replica counts). Unlike a standalone Pod, a Deployment ensures the desired state is maintained, automatically rescheduling containers if they fail.

Exam trap

Cisco often tests the misconception that a Pod alone provides self-healing, but in Kubernetes, a Pod is a non-self-healing atomic unit; only controllers like Deployment (or StatefulSet/DaemonSet) provide automatic replacement and scaling.

How to eliminate wrong answers

Option A (ConfigMap) is wrong because it is used to inject configuration data (e.g., environment variables, files) into pods, not to manage pod lifecycle, self-healing, or scaling. Option B (Service) is wrong because it provides a stable network endpoint and load balancing for a set of pods, but does not handle pod replacement or scaling of replicas. Option D (Pod) is wrong because a single Pod lacks self-healing capabilities; if the Pod fails, it is not automatically replaced unless managed by a higher-level controller like a Deployment.

53
MCQmedium

An organization is migrating a MySQL database to Amazon RDS using AWS DMS. They want to minimize downtime by using ongoing replication from the source. Which DMS feature should they enable to capture changes as they occur on the source database?

A.Data validation
B.Change Data Capture (CDC)
C.Full load
D.Schema conversion
AnswerB

Captures ongoing changes for minimal downtime migration.

Why this answer

Change Data Capture (CDC) captures ongoing changes. Full load transfers existing data; schema conversion converts schemas; validation checks data integrity.

54
Multi-Selecthard

A company is migrating a large on-premises application to AWS. The application uses a SQL Server database and requires minimal downtime. The database is 1 TB. Which THREE services or features should the team consider to achieve a successful migration with minimal downtime? (Select 3)

Select 3 answers
A.AWS Snowball
B.AWS Schema Conversion Tool (AWS SCT)
C.AWS Boto3
D.AWS Database Migration Service (DMS) with change data capture (CDC)
E.AWS Direct Connect
AnswersB, D, E

Correct. SCT helps convert the schema from SQL Server to the target (e.g., Amazon RDS).

Why this answer

AWS DMS with CDC enables ongoing replication. AWS SCT converts the schema if needed. Snowball is for offline data transfer which would cause downtime.

Direct Connect improves network stability. Boto3 is a Python SDK, not a migration service.

55
MCQeasy

A cloud administrator is automating the deployment of a web application on AWS. The administrator wants to define the infrastructure as code using a declarative language that supports drift detection. Which tool should the administrator use?

A.AWS CodeDeploy
B.Ansible
C.Terraform
D.CloudFormation
AnswerD

CloudFormation provides built-in drift detection to compare stack resources with template.

Why this answer

CloudFormation is a declarative AWS service for infrastructure as code that supports drift detection, which identifies changes made to resources outside of template management.

56
MCQhard

A company uses GitHub Actions to build and deploy a microservices application. They want to automate the deployment to a Kubernetes cluster only when changes are pushed to the main branch. Which GitHub Actions event trigger should be used in the workflow?

A.on: workflow_dispatch:
B.on: push: branches: [ main ]
C.on: schedule: - cron: '0 0 * * *'
D.on: pull_request: branches: [ main ]
AnswerB

Correct. Runs workflow on push to main branch.

Why this answer

The 'push' event with branch filters triggers on pushes to main. 'pull_request' triggers on PR events; 'schedule' triggers on a cron; 'workflow_dispatch' triggers manually.

57
MCQeasy

A DevOps team is implementing a CI/CD pipeline to deploy a microservices application on Kubernetes. The team wants to ensure that the deployment automatically rolls back if the new version fails health checks after the update. Which Kubernetes feature should be configured in the deployment manifest?

A.A readiness probe with a low failure threshold
B.A startup probe with a long initial delay
C.A ConfigMap for health check endpoints
D.A liveness probe with a high failure threshold
AnswerA

Readiness probes control whether a pod is considered ready; failures can trigger rollback.

Why this answer

A readiness probe determines if a pod is ready to serve traffic. If it fails, the rolling update pauses or rolls back depending on the deployment strategy's progressDeadlineSeconds and revisionHistoryLimit.

58
MCQeasy

A company is migrating to the cloud and needs to transfer 200 TB of data from an on-premises data center to GCP. The network bandwidth is limited, so they want to use a physical appliance for offline transfer. Which GCP service should they use?

A.Azure Data Box
B.Transfer Appliance
C.AWS DataSync
D.Storage Transfer Service
AnswerB

Google's offline physical appliance for large data transfers.

Why this answer

Storage Transfer Service is for online transfers; Transfer Appliance is Google's offline physical device; DataSync is AWS; Azure Data Box is Microsoft's offline device.

59
MCQeasy

A DevOps team wants to deploy a Kubernetes application using a package manager that simplifies the deployment process by bundling all Kubernetes resources into a single package. Which tool should the team use?

A.Kustomize
B.Helm
C.Ansible
D.Terraform
AnswerB

Helm uses charts to package Kubernetes manifests, simplifying deployment and management.

Why this answer

Helm is the package manager for Kubernetes that uses charts to define, install, and upgrade even the most complex Kubernetes applications.

60
MCQmedium

A cloud engineer is using Ansible to automate the configuration of cloud resources. The engineer needs to ensure that the automation does not require any agent software to be installed on the target nodes. Which characteristic of Ansible makes this possible?

A.It uses PowerShell Desired State Configuration
B.It uses a master-agent architecture
C.It is agentless
D.It requires a pull-based model
AnswerC

Ansible operates over SSH or WinRM without needing an agent on managed nodes.

Why this answer

Ansible is agentless; it connects over SSH (Linux) or WinRM (Windows) to execute tasks without installing any software on the target.

61
MCQmedium

An administrator is writing an Ansible playbook to provision cloud resources across multiple cloud providers. The playbook must manage instances in AWS, Azure, and GCP. Which Ansible concept should the administrator use to interact with each cloud provider's API?

A.Modules
B.Roles
C.Inventories
D.Playbooks
AnswerA

Modules are the components that perform actual API calls to manage resources.

Why this answer

Ansible modules are units of code that interact with cloud provider APIs. Each cloud provider has specific modules (e.g., ec2, azure_rm, gcp_compute).

62
MCQmedium

A cloud engineer is managing AWS infrastructure with Terraform and wants to store the state file remotely to enable team collaboration. Which storage option should the engineer configure in the backend block?

A.Google Cloud Storage
B.Local file system
C.Azure Blob Storage
D.Amazon S3
AnswerD

S3 is the standard backend for AWS Terraform state.

Why this answer

Terraform supports multiple remote backends. For AWS, S3 is the recommended backend for storing state files, providing durability and locking via DynamoDB.

63
Multi-Selecteasy

A company is adopting Infrastructure as Code (IaC) to manage its cloud resources. Which THREE statements are true about IaC? (Select THREE.)

Select 3 answers
A.IaC allows for automated provisioning of infrastructure
B.IaC eliminates the need for manual configuration changes
C.IaC is only applicable for immutable infrastructure
D.IaC configurations are typically stored in version control
E.IaC ensures that deployments are repeatable and consistent
AnswersA, D, E

Automation is a key benefit.

Why this answer

IaC enables automation, idempotency, and version control. Manual changes are not required; IaC can be used for both mutable and immutable infrastructure.

64
MCQmedium

An organization wants to deploy a new microservice to a Kubernetes cluster with zero downtime. The deployment should update pods gradually by replacing old pods with new ones, and if the new pods fail health checks, the rollout should stop. Which Kubernetes deployment strategy meets these requirements?

A.Canary
B.Recreate
C.Rolling update
D.Blue/green
AnswerC

Rolling update gradually replaces pods and can be configured to stop on failed readiness probes.

Why this answer

A rolling update strategy in Kubernetes replaces pods incrementally and can be configured to pause on failed health checks.

65
MCQeasy

A cloud engineer needs to deploy a Lambda function that processes objects uploaded to an S3 bucket. The function code is stored in a .zip file. Which event trigger should the engineer configure to invoke the function automatically?

A.S3 event notification
B.API Gateway
C.SQS
D.EventBridge
AnswerA

S3 events can trigger Lambda directly on object creation.

Why this answer

S3 can send event notifications to Lambda when objects are created, making it the appropriate trigger for this use case.

66
MCQmedium

A cloud engineer is writing a Bicep file to deploy Azure resources. Bicep is a domain-specific language (DSL) that transpiles to ARM templates. Which of the following is a benefit of using Bicep over ARM JSON templates?

A.Bicep automatically manages state
B.Bicep reduces code verbosity and supports modules
C.Bicep is natively executed by Azure Resource Manager
D.Bicep supports imperative scripting
AnswerB

Bicep syntax is concise and supports modular templates.

Why this answer

Bicep provides a simpler syntax with less boilerplate, modularity, and reusable modules. It reduces complexity compared to raw ARM JSON.

67
MCQhard

A company wants to migrate a 50 TB on-premises SQL Server database to Amazon RDS for MySQL with minimal downtime. The source database is 3 TB and continues to receive writes. Which service should the cloud architect use to perform the migration with ongoing replication?

A.AWS DMS
B.AWS Snowball
C.AWS S3 Transfer Acceleration
D.AWS DataSync
AnswerA

AWS DMS supports CDC replication, allowing near-zero downtime migration.

Why this answer

AWS Database Migration Service (DMS) supports ongoing replication via change data capture (CDC) to migrate with minimal downtime.

68
MCQmedium

A team is designing a CI/CD pipeline for a microservices application. They want to automatically build, test, and deploy each service independently to a Kubernetes cluster. The pipeline must integrate with Git repositories and support parallel job execution. Which tool is best suited for this requirement?

A.Azure DevOps
B.Jenkins
C.AWS CodePipeline
D.GitLab CI
AnswerD

GitLab CI offers native Git integration, parallel jobs, and Kubernetes deployment support.

Why this answer

GitLab CI is integrated with Git repositories, supports parallel jobs, and can deploy to Kubernetes, making it a good fit for microservices CI/CD.

69
MCQhard

A company is migrating a 50 TB on-premises database to AWS RDS MySQL. The migration must have minimal downtime and support ongoing replication during the cutover. The database schema is standard MySQL. Which combination of services should the company use?

A.AWS DMS with schema conversion tool to convert to MySQL
B.AWS Database Migration Service (DMS) with Change Data Capture (CDC) replication
C.AWS Snowball Edge to transfer database dump, then import to RDS
D.AWS DataSync to transfer database files to S3, then restore to RDS
AnswerB

DMS supports CDC for minimal downtime.

Why this answer

AWS DMS with CDC enables minimal downtime migration by replicating ongoing changes. Schema Conversion Tool is unnecessary for MySQL to MySQL. Snowball is for large data sets offline, not for minimal downtime.

70
Multi-Selectmedium

A company is planning to migrate a 200 TB on-premises file server to AWS S3. The network link is 1 Gbps and cannot be saturated due to other traffic. The migration must be completed within two weeks. Which TWO services or features should the cloud engineer consider to accelerate the transfer? (Choose two.)

Select 2 answers
A.AWS Direct Connect
B.AWS DMS
C.AWS DataSync
D.AWS Snowball
E.AWS Storage Gateway
AnswersC, D

DataSync can accelerate transfers over the network and is designed for large datasets.

Why this answer

AWS DataSync is correct because it is designed to efficiently migrate large datasets to AWS by using parallel multi-threaded transfers and incremental syncs, which can optimize the use of the available 1 Gbps link without saturating it. It can handle the 200 TB file server migration by automating the transfer and reducing the time required compared to manual copying, though the 1 Gbps link alone may still be insufficient for the two-week window, making it a partial solution.

Exam trap

The trap here is that candidates often assume AWS DataSync alone can handle any large transfer over a network link, but they overlook the bandwidth calculation—200 TB at 1 Gbps takes over 18 days, so a physical transport like Snowball is necessary to meet the two-week deadline.

71
Multi-Selecteasy

A company is migrating 50 TB of data from an on-premises file server to Amazon S3. The migration must be completed within two weeks and the internet connection is slow. Which TWO AWS services can accelerate the transfer?

Select 2 answers
A.Amazon S3 multipart upload
B.AWS Direct Connect
C.AWS DataSync
D.AWS Snowball
E.S3 Transfer Acceleration
AnswersD, E

Snowball physically ships data, bypassing the slow internet.

Why this answer

AWS Snowball (Option D) is a petabyte-scale data transport solution that uses secure physical devices to transfer large amounts of data to AWS, bypassing the internet entirely. For a 50 TB migration over a slow connection within a two-week window, Snowball is ideal because it avoids network bandwidth constraints and can transfer data at the speed of shipping, not the internet.

Exam trap

The trap is that candidates may mistakenly choose DataSync or Direct Connect. DataSync requires a network connection and is too slow for 50 TB with slow internet. Direct Connect involves setup delays and still relies on network speed.

The correct pairing is Snowball for offline physical transfer and S3 Transfer Acceleration to optimize any internet-based transfers, but note that for such a large dataset and tight deadline, Snowball is the primary enabler.

72
MCQmedium

A company must migrate 50 TB of data from an on-premises NFS server to Amazon S3 within one week. The network bandwidth averages 50 Mbps. The administrator is evaluating AWS DataSync and AWS Snowball. Which service should the administrator choose?

A.AWS Snowball
B.AWS DataSync
C.S3 Transfer Acceleration
D.AWS Database Migration Service
AnswerA

Snowball is an offline physical device that can handle large datasets quickly.

Why this answer

At 50 Mbps, transferring 50 TB would take about 95 days, exceeding the one-week deadline. Snowball provides offline physical transfer, making it feasible within a week.

73
MCQhard

An organization uses CloudFormation to manage resources across multiple AWS accounts. They need to deploy a common set of resources (e.g., logging configuration) to all accounts in an AWS Organization. Which CloudFormation feature should they use?

A.Change sets
B.StackSets
C.Drift detection
D.Nested stacks
AnswerB

StackSets enable deploying stacks across multiple accounts and regions.

Why this answer

CloudFormation StackSets allow you to deploy stacks across multiple accounts and regions in a single operation, ideal for multi-account governance.

74
Multi-Selectmedium

A cloud architect is designing a CI/CD pipeline for a microservices application deployed on AWS EKS. The pipeline should include stages for source, build, test, deploy, and verify. Which TWO of the following are typical pipeline stages? (Select TWO.)

Select 2 answers
A.Build
B.Audit
C.Source
D.Backup
E.Monitor
AnswersA, C

Build stage compiles and packages the application.

Why this answer

Option A (Build) is correct because in a CI/CD pipeline for AWS EKS, the Build stage compiles source code, runs unit tests, and creates container images (e.g., using Docker) that are pushed to a registry like Amazon ECR. This stage is essential for transforming code into deployable artifacts for Kubernetes workloads.

Exam trap

Cisco often tests the distinction between pipeline stages and adjacent operational activities; the trap here is confusing post-deployment tasks like monitoring or backup with the defined CI/CD stages (source, build, test, deploy, verify).

75
Multi-Selectmedium

A cloud engineer is migrating a legacy application to AWS. The application requires minimal downtime during the database migration from SQL Server to Aurora MySQL. Which TWO AWS services should the engineer use to achieve this?

Select 2 answers
A.AWS Snowball
B.AWS Schema Conversion Tool (SCT)
C.AWS Direct Connect
D.AWS DataSync
E.AWS Database Migration Service (DMS)
AnswersB, E

SCT converts schema between different database engines.

Why this answer

The AWS Schema Conversion Tool (SCT) is used to convert the source SQL Server database schema and code to be compatible with Aurora MySQL, handling differences in data types, stored procedures, and other database objects. The AWS Database Migration Service (DMS) then performs the actual data migration with minimal downtime by continuously replicating changes from the source to the target database until a cutover is performed. Together, SCT and DMS enable a heterogeneous migration with near-zero downtime.

Exam trap

Cisco often tests the distinction between data migration services (DMS) and data transfer services (DataSync, Snowball), where candidates mistakenly choose DataSync for database migrations because it sounds similar to 'data synchronization' but it lacks schema conversion and live database replication capabilities.

Page 1 of 2 · 127 questions totalNext →

Ready to test yourself?

Try a timed practice session using only Clp Deployment questions.