CCNA Cloud Concepts, Architecture, and Design Questions

9 of 84 questions · Page 2/2 · Cloud Concepts, Architecture, and Design · Answers revealed

76
Multi-Selectmedium

A cloud security architect is designing a multi-tenant SaaS application. Which TWO isolation mechanisms should be implemented to prevent data leakage between tenants?

Select 2 answers
A.API rate limiting
B.Network isolation using virtual networks
C.Storage isolation through separate databases or schemas
D.Data encryption at rest
E.Identity federation
AnswersB, C

Network isolation prevents unauthorized access between tenants.

Why this answer

Network isolation (e.g., VLANs, VPCs) and storage isolation (e.g., separate databases or encryption per tenant) are key. Data encryption at rest protects data but not isolation between tenants. Identity federation and API rate limiting are not isolation mechanisms.

77
MCQmedium

An organization is looking for a cloud deployment model that is provisioned for exclusive use by a single organization, but may be owned, managed, and operated by the organization, a third party, or some combination. Which deployment model is this?

A.Hybrid cloud
B.Private cloud
C.Community cloud
D.Public cloud
AnswerB

Private cloud is exclusively for one organization.

Why this answer

Private cloud is defined as provisioned for exclusive use by a single organization. It can be on-premises or hosted, and managed by the organization or a third party.

78
MCQeasy

Which cloud characteristic refers to the ability to automatically scale resources up or down based on demand?

A.Resource pooling
B.Rapid elasticity
C.Broad network access
D.Measured service
AnswerB

Correct. Rapid elasticity enables automatic scaling.

Why this answer

Rapid elasticity allows resources to be provisioned and released automatically in response to demand, giving the appearance of unlimited capacity.

79
MCQmedium

Which of the following is a key consideration when evaluating a cloud service provider's ability to meet compliance requirements for data sovereignty?

A.The provider's support tier
B.The provider's data center locations and geographic restrictions
C.The provider's penetration testing policy
D.The provider's SOC 2 Type II report
AnswerB

Data sovereignty requires data to reside in specific jurisdictions, so data center locations are critical.

Why this answer

Data sovereignty requires that data is stored and processed in specific geographic locations. Understanding where data centers are located and if they comply with local laws is crucial.

80
MCQmedium

A cloud service provider (CSP) offers a shared infrastructure where multiple customers' virtual machines run on the same physical host but are isolated by the hypervisor. Which cloud deployment model does this represent?

A.Hybrid cloud
B.Private cloud
C.Public cloud
D.Community cloud
AnswerC

Public cloud is characterized by shared, multi-tenant infrastructure with hypervisor isolation.

Why this answer

Public cloud utilizes shared infrastructure with multi-tenancy, where hypervisor isolation separates tenants. Private cloud would be dedicated; community cloud is shared by a specific group; hybrid combines models.

81
Multi-Selecthard

An organization is migrating a legacy application to the cloud and wants to maximize elasticity. Which THREE characteristics should the application support to benefit from cloud elasticity?

Select 3 answers
A.Distributed architecture
B.Monolithic architecture
C.Horizontal scaling support
D.Stateless design
E.Vertical scaling capability
AnswersA, C, D

Distributed components can be scaled independently.

Why this answer

Statelessness allows instances to be added/removed easily. Horizontal scaling (adding more instances) is typical for elasticity. Distributed architecture supports scaling.

Vertical scaling (bigger instances) is limited by instance size, and monolithic design hinders elasticity.

82
MCQmedium

A financial institution requires a cloud environment that is shared by multiple organizations with common regulatory compliance needs, such as PCI DSS. Which deployment model is most appropriate?

A.Private cloud
B.Public cloud
C.Community cloud
D.Hybrid cloud
AnswerC

Correct. Community cloud is shared by organizations with common interests.

Why this answer

A community cloud is designed for organizations with shared concerns like compliance, security, or policy, and is more suitable than public or private cloud for this specific requirement.

83
MCQhard

An organization wants to ensure that if they decide to migrate away from their current cloud provider, they can retrieve all data in a usable format and delete it from the provider's systems. Which principle does this best describe?

A.Interoperability
B.Portability
C.Elasticity
D.Reversibility
AnswerD

Correct. Reversibility covers data retrieval and deletion upon exit.

Why this answer

Reversibility is the ability to cleanly exit a cloud service, including data portability and secure deletion of data from the provider's environment.

84
MCQmedium

An organization is using a public cloud IaaS and wants to ensure they understand which security responsibilities fall on them. According to the shared responsibility model, which of the following is the customer responsible for in an IaaS deployment?

A.Hypervisor security
B.Physical security of data centers
C.Security of the guest operating system
D.Network infrastructure hardening
AnswerC

Correct. The customer manages the OS, apps, and data.

Why this answer

In IaaS, the customer is responsible for securing the operating system, applications, and data, while the provider secures the physical infrastructure.

← PreviousPage 2 of 2 · 84 questions total

Ready to test yourself?

Try a timed practice session using only Cloud Concepts, Architecture, and Design questions.