CCNA Clp Deployment Questions

52 of 127 questions · Page 2/2 · Clp Deployment topic · Answers revealed

76
MCQmedium

A cloud engineer is creating an Ansible playbook to provision cloud resources on AWS. Ansible is agentless; it connects to managed nodes via SSH. Which component defines the desired state of cloud resources in Ansible?

A.Playbooks
B.Roles
C.Modules
D.Inventory
AnswerC

Modules are the actual code that enforces state on cloud resources.

Why this answer

Ansible uses modules to interact with cloud APIs. AWS modules, such as ec2, define the desired state of resources like EC2 instances.

77
MCQmedium

A company is migrating a large Oracle database (2 TB) from on-premises to AWS RDS for Oracle. They require minimal downtime and need to keep the source database running during migration. Which AWS service should they use to achieve continuous replication?

A.AWS DataSync
B.AWS DMS with CDC
C.AWS S3 Transfer Acceleration
D.AWS Snowball Edge
AnswerB

AWS DMS with CDC enables continuous replication and minimal downtime.

Why this answer

AWS DMS with Change Data Capture (CDC) is the correct choice because it enables continuous replication of ongoing changes from the source Oracle database to the target RDS for Oracle instance, allowing the source to remain fully operational during migration. CDC captures incremental changes (inserts, updates, deletes) from the source's redo logs, minimizing downtime to a brief cutover window. This meets the requirement of a 2 TB database with minimal downtime while keeping the source running.

Exam trap

The trap here is that candidates confuse AWS DataSync or S3 Transfer Acceleration as suitable for database replication, but they lack CDC capabilities and are designed for file or object transfers, not transactional database synchronization.

How to eliminate wrong answers

Option A is wrong because AWS DataSync is designed for one-time bulk data transfers between on-premises storage and AWS, not for continuous database replication or CDC. Option C is wrong because AWS S3 Transfer Acceleration speeds up uploads to S3 buckets over the internet but does not support database replication or CDC for Oracle to RDS. Option D is wrong because AWS Snowball Edge is a physical device for offline bulk data transfer, which cannot provide continuous replication and would require taking the source database offline to transfer data.

78
MCQmedium

A DevOps team wants to deploy a containerized application to a Kubernetes cluster with zero downtime. The team needs to gradually shift traffic from the old version to the new version, monitoring error rates and automatically rolling back if errors exceed a threshold. Which deployment strategy should the team implement?

A.Blue/green deployment
B.Rolling deployment
C.Recreate deployment
D.Canary deployment
AnswerD

Canary gradually shifts traffic percentage, monitors, and can auto-rollback.

Why this answer

A canary deployment releases the new version to a small subset of users, monitors performance, and automatically rolls back if issues are detected, meeting the zero-downtime and auto-rollback requirements.

79
Multi-Selectmedium

A company is migrating 100 TB of data from on-premises to Google Cloud Storage. The network bandwidth is 1 Gbps, and the migration window is two weeks. Which TWO services should the company consider to complete the transfer within the window? (Choose two.)

Select 2 answers
A.Transfer Appliance
B.gsutil
C.Cloud Dataflow
D.Cloud VPN
E.Storage Transfer Service
AnswersA, E

Transfer Appliance is a physical device for offline transfer, suitable for large data when network is slow.

Why this answer

Storage Transfer Service handles online transfers from various sources, and Transfer Appliance provides offline physical shipping for large datasets when network is insufficient.

80
MCQeasy

A cloud architect is designing a serverless application on AWS Lambda. The function needs to process messages from an SQS queue. Which event trigger should be configured for the Lambda function?

A.API Gateway
B.SQS trigger
C.S3 bucket event
D.EventBridge rule
AnswerB

Correct. Lambda can be triggered directly from SQS.

Why this answer

AWS Lambda can be triggered by SQS messages. By configuring an SQS trigger, Lambda automatically polls the queue and invokes the function with each message.

81
Multi-Selectmedium

A cloud architect is designing a CI/CD pipeline for a containerized application. The pipeline must include stages for building, testing, and deploying to a Kubernetes cluster. Which TWO of the following are common stages in a CI/CD pipeline for containerized applications? (Select TWO.)

Select 2 answers
A.Monitoring
B.Alerting
C.Build
D.Source
E.Capacity planning
AnswersC, D

Build stage compiles code and creates container image.

Why this answer

Source, build, test, deploy, and verify are common stages. Monitoring and alerting are not pipeline stages; capacity planning is not a stage.

82
Multi-Selectmedium

A cloud engineer is planning a database migration from an on-premises Oracle database to Amazon RDS for PostgreSQL. The migration must minimize downtime and preserve ongoing changes. Which TWO services should the engineer consider using together? (Choose two.)

Select 2 answers
A.AWS DataSync
B.AWS Snowball
C.AWS Database Migration Service (DMS)
D.Amazon S3 Transfer Acceleration
E.AWS Schema Conversion Tool (SCT)
AnswersC, E

DMS supports full load and CDC for minimal downtime migration.

Why this answer

AWS DMS can migrate data and replicate ongoing changes using CDC, while the Schema Conversion Tool can convert the Oracle schema to PostgreSQL.

83
MCQmedium

A company is migrating 200 TB of archival data from on-premises storage to Amazon S3. The network bandwidth is limited to 100 Mbps. Which AWS service should be used to accelerate the transfer and reduce the migration time?

A.AWS DataSync
B.AWS Snowball
C.S3 Transfer Acceleration
D.AWS Direct Connect
AnswerB

Correct. Snowball accelerates transfer by shipping storage devices, bypassing network limitations.

Why this answer

AWS Snowball is a physical device for offline data transfer. For large datasets with limited bandwidth, Snowball can transfer data faster by shipping the device, bypassing network constraints.

84
Multi-Selecthard

A DevOps team is designing a CI/CD pipeline for a cloud-native application. They require a deployment strategy that supports traffic shifting in small increments and automatic rollback based on health checks. Which TWO strategies meet these requirements?

Select 2 answers
A.Rolling deployment
B.Recreate deployment
C.Immutable deployment
D.Canary deployment
E.Blue/green deployment
AnswersD, E

Canary shifts traffic incrementally and supports automated rollback based on monitoring.

Why this answer

Canary deploys traffic incrementally and can auto-rollback; blue/green switches all at once but can also roll back by switching back to the old environment.

85
MCQmedium

A company is adopting a CI/CD pipeline using Jenkins to deploy a web application. The pipeline must include steps to compile code, run unit tests, package the application, deploy to a test environment, and then deploy to production. Which pipeline stage should be configured immediately after the build stage?

A.Verify
B.Test
C.Deploy to production
D.Source
AnswerB

Testing follows building to ensure code quality before deployment.

Why this answer

In a typical CI/CD pipeline, after build (compile) comes test (e.g., unit tests) to validate the code before proceeding to deploy.

86
Multi-Selectmedium

A company is deploying a web application using Azure Kubernetes Service (AKS). The deployment manifest includes a probe to check if the application is ready to serve traffic. Which TWO types of probes can be used to determine pod health in Kubernetes? (Select TWO.)

Select 2 answers
A.Secret probe
B.Liveness probe
C.Startup probe
D.Readiness probe
E.ConfigMap probe
AnswersB, D

Indicates whether the container is running; restarts if fails.

Why this answer

Readiness and liveness probes are used for health checking. Startup probes are also available but less common. ConfigMap and Secret are not probes.

87
Multi-Selecteasy

A cloud engineer is using Terraform to manage infrastructure. They need to store the state file remotely for team collaboration and to enable state locking. Which TWO of the following backends support state locking? (Select TWO.)

Select 2 answers
A.Consul backend
B.Local file system
C.HTTP backend
D.Azure Blob Storage with blob lease
E.Amazon S3 with DynamoDB for locking
AnswersD, E

Azure Blob Storage uses lease mechanism for locking.

Why this answer

Terraform backends like S3 (with DynamoDB), Azure Blob Storage, and GCS support state locking for safe concurrent operations.

88
MCQmedium

A cloud engineer is deploying a web application to a Kubernetes cluster. The application requires zero downtime during updates, and the team wants to test new versions with a small percentage of users before full rollout. Which deployment strategy should the engineer use?

A.Rolling deployment
B.Blue/green deployment
C.Canary deployment
D.Immutable deployment
AnswerC

Canary deploys the new version to a subset of users, enabling gradual traffic shift and monitoring.

Why this answer

A canary deployment routes a small percentage of traffic to the new version, allowing monitoring and automatic rollback if issues arise, meeting the requirements.

89
MCQmedium

A cloud engineer is deploying a serverless function using AWS Lambda. The function needs to process messages from an SQS queue. Which event source should be configured to trigger the Lambda function?

A.Amazon S3
B.Amazon SQS
C.Amazon API Gateway
D.Amazon EventBridge
AnswerB

Lambda can poll SQS queue and process messages.

Why this answer

Lambda can be triggered by SQS, S3, API Gateway, etc. For SQS, the trigger is SQS. S3 triggers on object events; API Gateway for HTTP; EventBridge for events.

90
MCQmedium

A cloud engineer is deploying a Lambda function that processes events from an SQS queue. The function must be able to handle a burst of up to 1000 concurrent invocations. Which configuration should the engineer set to ensure the function can scale to meet this demand?

A.Set the function's reserved concurrency to 1000
B.Enable provisioned concurrency for the function
C.Configure SQS to batch messages in groups of 100
D.Set the function's unreserved account concurrency to 1000
AnswerA

Reserved concurrency guarantees capacity.

Why this answer

Lambda scales by increasing concurrency. The reserved concurrency sets a limit; burst concurrency is a regional limit. To handle 1000 concurrent, set reserved concurrency to at least 1000.

Unreserved account concurrency is shared.

91
MCQhard

A team is developing a serverless application on AWS Lambda. The application uses several third-party libraries that are large in size. To reduce deployment package size and enable reuse across functions, the team wants to include these libraries as a separate layer. However, the total unzipped size of all layers exceeds the Lambda limits. What should the team do to resolve this?

A.Increase the Lambda function's reserved concurrency
B.Use a container image for the Lambda function instead of layers
C.Reduce the number of layers by combining libraries into fewer custom layers
D.Request a service limit increase from AWS for layer size
AnswerB

Container images allow larger packages (up to 10 GB).

Why this answer

Lambda allows up to 5 layers with a total unzipped size of 250 MB. If exceeded, the team can split the libraries into multiple functions or use a custom runtime with a container image. Reducing concurrency does not affect package size.

92
MCQhard

A company is migrating an on-premises Oracle database to Amazon RDS for MySQL. The migration must have minimal downtime and must handle ongoing changes during migration. The schema needs to be converted to MySQL-compatible format. Which combination of AWS services should the team use?

A.AWS SCT alone
B.AWS DMS with AWS Schema Conversion Tool (SCT)
C.AWS DataSync
D.AWS DMS alone
AnswerB

SCT converts schema, DMS with CDC achieves minimal downtime.

Why this answer

AWS DMS can perform ongoing replication using CDC, and SCT converts schemas between different database engines.

93
MCQmedium

A company wants to deploy a containerized application to Google Kubernetes Engine (GKE) using a rolling update strategy. They have defined a Kubernetes Deployment manifest. Which field controls the number of pods that can be unavailable during the update?

A.spec.strategy.rollingUpdate.maxSurge
B.spec.template.spec.containers[].readinessProbe
C.spec.strategy.rollingUpdate.maxUnavailable
D.spec.replicas
AnswerC

maxUnavailable defines how many pods can be unavailable during the rolling update.

Why this answer

Option C is correct because the `spec.strategy.rollingUpdate.maxUnavailable` field in a Kubernetes Deployment manifest explicitly controls the maximum number of Pods that can be unavailable during a rolling update. This field can be set as an absolute number or a percentage of the desired Pod count, ensuring that the update proceeds without dropping below a specified availability threshold.

Exam trap

Cisco often tests the confusion between `maxSurge` and `maxUnavailable`, where candidates mistakenly think `maxSurge` controls unavailability, but in reality `maxSurge` governs the number of extra Pods created above the target, not the number of Pods that can be taken down.

How to eliminate wrong answers

Option A is wrong because `spec.strategy.rollingUpdate.maxSurge` controls the maximum number of Pods that can be created above the desired replica count during an update, not the number of unavailable Pods. Option B is wrong because `spec.template.spec.containers[].readinessProbe` defines a health check that determines when a container is ready to serve traffic, but it does not control the number of Pods that can be unavailable during a rolling update. Option D is wrong because `spec.replicas` sets the desired number of Pod replicas for the Deployment, but it has no direct role in managing the availability constraints during a rolling update.

94
MCQmedium

A company uses CloudFormation to manage infrastructure across multiple AWS accounts. They want to deploy a common set of resources (e.g., VPC, IAM roles) to all accounts in their organization. Which CloudFormation feature should they use?

A.Change sets
B.Nested stacks
C.Stack sets
D.Drift detection
AnswerC

StackSets enable deploying stacks to multiple accounts/regions.

Why this answer

CloudFormation StackSets allow deploying stacks across multiple accounts and regions.

95
MCQhard

A cloud architect is designing a multi-account AWS environment and wants to deploy CloudFormation stacks consistently across many accounts. The architect needs a solution that can manage stack instances across multiple accounts and Regions from a single administrator account. Which AWS feature should be used?

A.Stack sets
B.Drift detection
C.Nested stacks
D.Change sets
AnswerA

StackSets enable deploying stacks across multiple accounts and regions with centralized management.

Why this answer

AWS CloudFormation StackSets allow you to create, update, or delete stacks across multiple accounts and Regions from a single admin account.

96
MCQhard

A cloud engineer is designing a CI/CD pipeline using Azure DevOps. They need to ensure that code changes are automatically built, tested, and deployed to a staging environment, and then after manual approval, deployed to production. Which pipeline configuration should they use?

A.Multi-stage pipeline with environment approvals on the production stage
B.Single stage pipeline with conditional deployment
C.Release pipeline with continuous deployment trigger
D.Build pipeline only
AnswerA

Correct. Multi-stage pipelines with approval gates meet the requirement.

Why this answer

Azure DevOps multi-stage pipelines allow defining stages such as build, test, and deploy, with gates and approvals. An approval gate on the production stage ensures manual review before deployment.

97
Multi-Selectmedium

A company is deploying a critical application on Google Kubernetes Engine (GKE) and needs to ensure high availability and automatic scaling. Which THREE features should be configured?

Select 3 answers
A.Single cluster in one zone
B.StatefulSets for all deployments
C.Multiple node pools with multiple nodes
D.Horizontal Pod Autoscaler
E.Cluster auto-scaling
AnswersC, D, E

Multiple nodes across zones improve availability.

Why this answer

Horizontal Pod Autoscaler (HPA) scales pods based on metrics. Node pools with multiple nodes provide redundancy. Cluster auto-scaling adds nodes as needed.

StatefulSets are for stateful apps, not high availability by themselves. Regional clusters provide multi-zone HA.

98
MCQmedium

A company is migrating an on-premises MySQL database to Azure SQL Database using Azure Database Migration Service. They want minimal downtime. Which migration mode should they choose?

A.Bulk copy
B.Offline migration
C.Online migration with continuous sync
D.Schema conversion only
AnswerC

Correct. Online mode uses CDC to minimize downtime.

Why this answer

Azure DMS offers online migration mode that uses CDC to replicate ongoing changes, allowing near-zero downtime. Offline mode requires stopping writes during migration.

99
MCQeasy

An organization wants to deploy a new application with zero downtime by switching traffic between two identical production environments. Which deployment strategy should be used?

A.Rolling deployment
B.Canary deployment
C.In-place deployment
D.Blue/green deployment
AnswerD

Correct description of blue/green.

Why this answer

Blue/green deployment involves maintaining two identical environments; traffic is switched from the old (blue) to the new (green) environment via DNS or load balancer, enabling zero downtime.

100
MCQhard

An organization uses Azure DevOps for CI/CD. They need to deploy a Bicep template that creates resources in multiple Azure regions. The deployment must be idempotent and handle dependencies between resources. Which Azure DevOps task should they use?

A.Azure PowerShell task with New-AzResourceGroupDeployment
B.Azure File Copy task
C.Azure CLI task with az deployment group create
D.Azure Resource Group Deployment task
AnswerD

This task is specifically designed for deploying ARM and Bicep templates, handling dependencies and idempotency.

Why this answer

The Azure Resource Group Deployment task in Azure DevOps can deploy ARM/Bicep templates and handle resource dependencies and idempotency through Azure Resource Manager.

101
Multi-Selectmedium

A company is implementing a canary deployment for a web application running on AWS. Which TWO components are essential for this strategy? (Choose two.)

Select 2 answers
A.A blue environment running the old version
B.A CI/CD pipeline with automated testing
C.An auto scaling group for the new version
D.A load balancer to distribute traffic between versions
E.Monitoring to track error rates and performance
AnswersD, E

Needed to control traffic percentages.

Why this answer

A load balancer to route traffic and monitoring to detect issues are essential for canary deployments.

102
MCQeasy

A company uses AWS CloudFormation to manage its infrastructure. After updating a stack, a developer notices that the actual infrastructure differs from the expected template. Which CloudFormation feature should be used to identify these differences?

A.Drift detection
B.Stack sets
C.Change sets
D.Rollback triggers
AnswerA

Drift detection identifies discrepancies between the stack's deployed resources and the template.

Why this answer

Drift detection allows you to detect whether a stack's actual configuration differs from its expected template configuration.

103
Multi-Selecthard

A company manages a multi-account AWS environment and wants to deploy consistent infrastructure across several accounts using CloudFormation. The solution must support updates to the infrastructure and detect configuration drift. Which TWO CloudFormation features should be used?

Select 2 answers
A.Change sets
B.StackSets
C.Outputs
D.Nested stacks
E.Drift detection
AnswersB, E

StackSets enable deployments across multiple accounts.

Why this answer

StackSets allow deploying stacks across multiple accounts and regions. Drift detection identifies changes made outside CloudFormation. Change sets preview changes but are not specific to multi-account.

104
MCQhard

An engineer is deploying a Kubernetes application on EKS and needs to ensure that pods are only considered healthy after a startup delay, and that traffic stops to unhealthy pods. Which two probe types should be configured in the deployment manifest?

A.Startup probe and readiness probe
B.Liveness probe and startup probe
C.Only readiness probe
D.Readiness probe and liveness probe
AnswerD

Readiness controls traffic; liveness handles restarts.

Why this answer

Readiness probes determine if a pod is ready to serve traffic; liveness probes determine if a pod is healthy and should be restarted. Both are needed for robust health checking.

105
MCQeasy

A cloud engineer is writing a Terraform configuration to deploy an AWS EC2 instance. Which file extension is typically used for Terraform configuration files written in HCL?

A..yaml
B..tf
C..json
D..hcl
AnswerB

.tf is the correct extension for Terraform HCL files.

Why this answer

Terraform uses the .tf extension for HCL configuration files.

106
MCQmedium

An organization uses a CI/CD pipeline with Jenkins. The pipeline includes stages: source, build, test, deploy, and verify. During the deploy stage, the team wants to automatically roll back if the verify stage fails. Which Jenkins feature supports this?

A.Blue Ocean plugin
B.Multibranch Pipeline
C.Post-build actions with rollback script
D.Jenkinsfile declarative pipeline with 'post' section
AnswerC

Post-build actions can execute scripts on failure, enabling rollback.

Why this answer

In Jenkins, post-build actions allow you to define tasks that run after the build completes, such as triggering a rollback script. This feature directly supports automatic rollback if a later stage (like verify) fails, as the rollback can be configured as a post-build action. Option D refers to the declarative pipeline's 'post' section, which is a newer syntax but not specifically called 'post-build actions' in Jenkins terminology.

The correct answer is C because 'Post-build actions with rollback script' is the feature that enables automatic rollback after a failure.

107
MCQhard

A company uses Terraform to manage infrastructure as code. After running terraform apply, the state file is stored locally. The team wants to enable collaboration by storing state remotely with locking to prevent concurrent modifications. Which backend should be configured?

A.Consul
C.S3 with DynamoDB locking
D.local
AnswerC

S3 backend with DynamoDB table for locking is a standard approach for team collaboration.

Why this answer

Option C is correct because S3 provides a scalable, durable remote backend for Terraform state, and DynamoDB locking prevents concurrent modifications by acquiring a lock via a DynamoDB table before state operations. This combination is the standard AWS-native solution for team collaboration, as it supports state versioning, encryption, and consistent locking via DynamoDB's conditional writes.

Exam trap

The trap here is that candidates may choose Consul or HTTP thinking they support locking, but Cisco tests the specific requirement for a fully managed, AWS-native solution with built-in locking, which only S3 with DynamoDB provides among the options.

How to eliminate wrong answers

Option A is wrong because Consul is a valid remote backend but is not the recommended choice for AWS environments; it requires running a Consul cluster and does not natively integrate with AWS services like S3 for state storage. Option B is wrong because the HTTP backend is a generic REST-based backend that does not support state locking natively; it requires a custom server implementation to handle locking, making it unsuitable for simple collaboration. Option D is wrong because the local backend stores state on the local filesystem, which prevents any form of remote collaboration and lacks locking mechanisms entirely.

108
MCQmedium

A company is migrating 100 TB of data from an on-premises NAS to Amazon S3. The network bandwidth is limited to 100 Mbps, and the transfer must complete within 30 days. Which service should the company use to meet the deadline?

A.AWS DataSync
B.Amazon S3 Transfer Acceleration
C.AWS Snowball
D.AWS Direct Connect
AnswerC

Snowball physically ships data, bypassing network limits.

Why this answer

At 100 Mbps, transferring 100 TB would take about 100 days over the network. AWS Snowball is a physical device for offline transfer, much faster. DataSync and S3 Transfer Acceleration still rely on network bandwidth.

109
MCQeasy

A cloud engineer is using Ansible to automate cloud resource provisioning. Which statement about Ansible is true?

A.Ansible uses JSON for configuration management.
B.Ansible requires an agent to be installed on each managed node.
C.Ansible uses YAML for playbook definitions.
D.Ansible is a cloud-only tool that cannot manage on-premises servers.
AnswerC

Ansible playbooks are written in YAML format.

Why this answer

Ansible is agentless, meaning it does not require any software to be installed on managed nodes; it uses SSH or WinRM to connect and execute tasks.

110
MCQmedium

A cloud administrator is writing an Ansible playbook to provision cloud resources. The administrator wants to ensure that the playbook can run without requiring any agent software on the target machines. Which Ansible feature enables this agentless operation?

A.Ansible inventory files that list hosts
B.Ansible modules that run on the control node
C.SSH-based connection to managed nodes
D.Pull mode from a central repository
AnswerC

SSH is agentless.

Why this answer

Ansible connects via SSH (or WinRM) by default, no agent needed. Pull mode requires an agent, modules are code units, and inventory lists hosts.

111
MCQmedium

A DevOps team uses Jenkins for CI/CD. They want to automatically deploy containerized applications to a Kubernetes cluster. Which Jenkins feature or plugin can integrate with Kubernetes to manage deployments?

A.Jenkins Declarative Pipeline
B.Jenkins Blue Ocean
C.Jenkins Multibranch Pipeline
D.Kubernetes plugin
AnswerD

The Kubernetes plugin enables Jenkins to dynamically create agents in Kubernetes and deploy workloads.

Why this answer

The Kubernetes plugin for Jenkins allows Jenkins agents to be dynamically provisioned as pods within a Kubernetes cluster, enabling automated deployment of containerized applications. It integrates directly with the Kubernetes API to manage deployments, services, and other resources, making it the correct choice for this scenario.

Exam trap

Cisco often tests the distinction between Jenkins features that define pipeline logic (like Declarative Pipeline) and plugins that provide external integrations (like the Kubernetes plugin), leading candidates to confuse syntax with integration capabilities.

How to eliminate wrong answers

Option A is wrong because Jenkins Declarative Pipeline is a syntax for defining CI/CD pipelines, not a plugin that integrates with Kubernetes for deployment management. Option B is wrong because Jenkins Blue Ocean is a user interface redesign for Jenkins, providing a modern UI but no native Kubernetes integration or deployment capabilities. Option C is wrong because Jenkins Multibranch Pipeline is a feature that automatically creates pipelines for multiple branches in a repository, but it does not provide Kubernetes-specific deployment integration.

112
MCQeasy

A cloud engineer is designing a deployment strategy for a web application that requires zero downtime. The engineer has set up two identical production environments, one active and one idle. After deploying the new version to the idle environment, the engineer switches the DNS record to point to the idle environment. This deployment method is known as:

A.Blue/green deployment
B.Rolling deployment
C.A/B testing deployment
D.Canary deployment
AnswerA

Blue/green uses two environments and a switch.

Why this answer

Blue/green deployment involves two environments (blue = current, green = new) and switching traffic via DNS or load balancer. Canary and rolling deploy gradually, while A/B testing is for feature comparison.

113
MCQmedium

A cloud engineer is writing an Ansible playbook to provision virtual machines in Azure. The playbook includes a task that uses the 'azure_rm_virtualmachine' module. Which of the following best describes Ansible's architecture in this scenario?

A.Ansible uses agents installed on target VMs to execute modules.
B.Ansible is a managed service in Azure that runs playbooks automatically.
C.Ansible requires Python to be installed only on the control node.
D.Ansible is agentless and uses SSH or WinRM to connect to target machines.
AnswerD

Correct. Ansible connects to targets without installing agents.

Why this answer

Ansible is agentless and connects via SSH or WinRM. It is not agent-based; it does not require Python on the control node only; it is not a managed service.

114
Multi-Selectmedium

A cloud architect is designing a Kubernetes deployment for a stateless web application. The application must be highly available and automatically recover from failures. Which THREE components are required to achieve this? (Select 3)

Select 3 answers
A.ConfigMap
B.Deployment resource
C.Service resource
D.StatefulSet
E.Readiness probe
AnswersB, C, E

Correct. Deployment manages replica sets and ensures desired state.

Why this answer

A Deployment manages replicas and supports rolling updates. A Service provides stable networking to the pods. Readiness probes ensure only healthy pods receive traffic.

ConfigMaps and StatefulSets are not required for stateless HA.

115
MCQhard

A DevOps team is implementing a canary deployment for a microservice running on Amazon ECS. They want to gradually shift 10% of traffic to the new version and automatically roll back if error rates exceed 1% in 5 minutes. Which combination of services should they use?

A.AWS CloudFormation and SSM
B.AWS Lambda and Step Functions
C.AWS CodeDeploy with CloudWatch alarms
D.AWS Elastic Beanstalk and Route 53
AnswerC

CodeDeploy supports canary deployments and integrates with CloudWatch alarms for automatic rollback.

Why this answer

AWS CodeDeploy natively supports canary deployments for Amazon ECS, allowing you to specify a traffic shift percentage (e.g., 10%) and integrate with CloudWatch alarms to automatically trigger a rollback when error rates exceed a defined threshold (e.g., 1% over 5 minutes). This combination directly fulfills the gradual traffic shifting and automated rollback requirements without custom scripting.

Exam trap

Cisco often tests the misconception that any orchestration service (like Step Functions) is equivalent to a native deployment service, but the key is that CodeDeploy provides built-in traffic shifting and alarm-based rollback without custom code, which is the exact requirement in the question.

How to eliminate wrong answers

Option A is wrong because AWS CloudFormation and SSM are infrastructure provisioning and management tools; they do not provide built-in traffic shifting or automated rollback based on error rate thresholds for ECS deployments. Option B is wrong because AWS Lambda and Step Functions can orchestrate custom deployment logic but require significant custom code to implement traffic shifting and alarm-based rollback, whereas CodeDeploy offers this natively. Option D is wrong because AWS Elastic Beanstalk is a PaaS service that does not support canary deployments for ECS microservices, and Route 53 is a DNS service that cannot shift traffic at the application load balancer level for ECS tasks.

116
MCQeasy

A cloud engineer is managing infrastructure as code using Terraform. Which command should be run to preview changes before applying them to the cloud environment?

A.terraform apply
B.terraform destroy
C.terraform plan
D.terraform init
AnswerC

Correct. It shows the execution plan without making any changes.

Why this answer

The terraform plan command creates an execution plan, showing what actions Terraform will take to change the infrastructure. It is used as a dry run before applying changes.

117
MCQmedium

A DevOps team is deploying a containerized application to Google Kubernetes Engine (GKE). The team wants to automate the deployment of the application along with its dependencies, such as ConfigMaps and Services, using a single package. Which tool should the team use?

A.Helm charts
B.kubectl apply with multiple manifest files
C.Kustomize overlays
D.Docker Compose
AnswerA

Helm packages Kubernetes resources as charts.

Why this answer

Helm charts package Kubernetes resources into a single deployable unit. Docker Compose is for local development, not production. kubectl apply can apply manifests but not as a package manager. Kustomize overlays but not package management.

118
MCQeasy

A cloud engineer is writing Terraform code to provision AWS resources. They need to define the cloud provider and authentication details. Which block should they use in their HCL configuration?

A.resource block
B.provider block
C.variable block
D.module block
AnswerB

The provider block configures the cloud provider and authentication.

Why this answer

In Terraform, the provider block is used to configure the cloud provider (e.g., AWS, Azure, GCP) and specify authentication settings such as region and credentials.

119
Multi-Selecthard

A company is migrating on-premises storage to Google Cloud Storage (GCS) using Storage Transfer Service. The source is an on-premises NAS with 100 TB of data. Which THREE considerations are relevant for this migration? (Select THREE.)

Select 3 answers
A.The possibility to schedule periodic transfers for ongoing sync
B.Data integrity verification using checksums
C.Requirement to install an agent on the NAS
D.Network bandwidth between on-premises and GCP
E.The need for a physical appliance like Snowball Edge
AnswersA, B, D

Storage Transfer Service supports recurring transfers for continuous synchronization.

Why this answer

Storage Transfer Service supports online transfers from sources like Amazon S3, HTTP/HTTPS, and on-premises via a staging area. Bandwidth, data integrity, and transfer time are key considerations.

120
Multi-Selectmedium

A cloud architect is designing a CI/CD pipeline for a microservices application deployed on AWS. The pipeline should include stages for source code checkout, building, testing, and deploying to production. Which TWO of the following tools are suitable for implementing this pipeline?

Select 2 answers
A.Docker
B.CloudFormation
C.Terraform
D.GitHub Actions
E.AWS CodePipeline
AnswersD, E

GitHub Actions can create workflows for CI/CD.

Why this answer

GitHub Actions and AWS CodePipeline are both CI/CD services that can manage the entire pipeline lifecycle. Terraform and CloudFormation are IaC tools, and Docker is a containerization tool.

121
MCQeasy

A cloud architect is designing a serverless application using Azure Functions. The function must process messages from an Azure Storage Queue. How should the architect configure the trigger?

A.Blob trigger
B.Event Grid trigger
C.Queue trigger
D.HTTP trigger with queue polling
AnswerC

Queue trigger is designed for Azure Storage Queue messages.

Why this answer

The correct answer is C because Azure Functions natively supports a Queue trigger that automatically polls an Azure Storage Queue for new messages and executes the function code when a message is detected. This is the simplest and most efficient way to process messages from a Storage Queue without custom polling logic.

Exam trap

Cisco often tests the distinction between native triggers (Queue trigger) and event-driven triggers (Event Grid, Blob), so candidates may mistakenly choose Event Grid because it is event-driven, but it does not directly integrate with Storage Queues without custom event subscriptions.

How to eliminate wrong answers

Option A is wrong because a Blob trigger is designed to respond to blob storage events (e.g., new or updated blobs), not queue messages. Option B is wrong because an Event Grid trigger handles events from Azure Event Grid, which is a separate event routing service, not a direct queue message source. Option D is wrong because an HTTP trigger with queue polling would require custom code to poll the queue, which defeats the purpose of using a built-in trigger and adds unnecessary complexity.

122
MCQhard

A company is migrating a 50 TB on-premises database to AWS RDS with minimal downtime. They plan to use AWS DMS with ongoing change data capture (CDC). Which additional AWS service should be used to handle the initial full load efficiently before enabling CDC replication?

A.Amazon S3 Transfer Acceleration
B.AWS Snowball Edge
C.AWS DataSync
D.AWS Database Migration Service (DMS)
AnswerB

Snowball Edge can physically transfer large data sets, then DMS continues with CDC.

Why this answer

AWS DMS can use Snowball Edge for large initial loads to avoid lengthy network transfers. S3 Transfer Acceleration speeds up uploads but is not optimal for 50 TB initial load. Database Migration Service is the tool itself.

DataSync is for file storage, not databases.

123
Multi-Selecthard

An organization is implementing a canary deployment strategy for a microservice running on Kubernetes. The deployment should automatically roll back if the error rate exceeds 2% within the first 5 minutes. Which THREE components are essential for implementing this strategy? (Choose three.)

Select 3 answers
A.Service mesh (e.g., Istio, Linkerd)
B.Horizontal Pod Autoscaler
C.Monitoring system (e.g., Prometheus)
D.Progressive delivery tool (e.g., Flagger, Argo Rollouts)
E.Kubernetes Service with label selectors
AnswersA, C, D

Service mesh can route a percentage of traffic to the canary version.

Why this answer

To implement canary with automatic rollback, you need a traffic split mechanism (service mesh), monitoring (Prometheus), and progressive delivery tool (Flagger).

124
MCQhard

An organization uses Azure DevOps for CI/CD. They want to implement a deployment strategy where a new version of an application is deployed to a small subset of users (e.g., 5%) and if no errors are detected, the percentage is gradually increased to 100%. Which deployment strategy should they use?

A.Rolling
B.Recreate
C.Canary
D.Blue/green
AnswerC

Canary releases traffic to a small percentage and increases gradually.

Why this answer

Canary deployment releases to a small subset and gradually increases traffic while monitoring.

125
MCQmedium

A DevOps team uses CloudFormation to manage multi-account infrastructure. They need to deploy a common set of resources across multiple AWS accounts in an organization. Which CloudFormation feature should they use?

A.Nested stacks
B.Drift detection
C.Stack sets
D.Change sets
AnswerC

StackSets enable cross-account, cross-region deployments.

Why this answer

CloudFormation StackSets allow you to deploy stacks across multiple accounts and regions from a single template, ideal for multi-account scenarios.

126
MCQhard

A company needs to transfer 200 TB of data from an on-premises NAS to Amazon S3 over the internet within 5 days. The available bandwidth is 1 Gbps. Which AWS service should be used to accelerate the transfer?

A.AWS Snowball
B.AWS DataSync
C.S3 Transfer Acceleration
D.AWS Direct Connect
AnswerB

DataSync accelerates online transfers with parallel operations.

Why this answer

AWS DataSync can accelerate transfers over the internet using parallel multi-threading and compression. Snowball would be faster for 200 TB, but the question specifies over the internet. DataSync is optimized for network transfers.

127
MCQhard

A team uses Terraform to manage infrastructure. After running terraform apply, the state file is stored in an S3 backend with DynamoDB locking. During a subsequent terraform plan, the team notices that the state file shows resources that no longer exist in the cloud. Which command should the team run to reconcile the state with the actual cloud resources?

A.terraform plan
B.terraform refresh
C.terraform import
D.terraform state rm
AnswerB

Refresh updates the state file to reflect the current state of real-world resources.

Why this answer

Terraform import is used to bring existing resources under Terraform management, but if resources are missing, terraform refresh updates the state to match reality.

← PreviousPage 2 of 2 · 127 questions total

Ready to test yourself?

Try a timed practice session using only Clp Deployment questions.