CCNA CCSP Cloud Architecture Questions

75 of 84 questions · Page 1/2 · CCSP Cloud Architecture topic · Answers revealed

1
MCQ · medium

An organization is moving a legacy application to the cloud and wants to minimize changes to the application code. They require full control over the operating system and middleware. Which cloud service model is most appropriate?

D. FaaS
Answer: C

Correct. IaaS offers full control over OS and middleware.

Why this answer

IaaS provides virtual machines where the customer can install and configure the OS and middleware without modifying the application code.

2
MCQ · medium

An organization wants to deploy a cloud environment where multiple separate agencies with common compliance requirements share the infrastructure, but each agency retains some control over their own resources. Which deployment model best fits this scenario?

A. Hybrid cloud
B. Public cloud
C. Private cloud
D. Community cloud
Answer: D

Community cloud serves a group with common interests, such as compliance.

Why this answer

Community cloud is designed for organizations with shared concerns.

3
MCQ · easy

Which cloud service model provides the customer with the ability to deploy and run custom applications using the provider's infrastructure, where the customer manages the applications and data, but does not manage the underlying operating system or hardware?

A. Platform as a Service (PaaS)
B. Software as a Service (SaaS)
C. Function as a Service (FaaS)
D. Infrastructure as a Service (IaaS)
Answer: A

PaaS allows customers to deploy apps without managing underlying OS/hardware.

Why this answer

In PaaS, the customer manages applications and data, while the provider manages the runtime, OS, and infrastructure. IaaS gives more control; SaaS gives less.

4
Multi-Select · hard

When evaluating a cloud service provider's SLA, which TWO metrics are MOST relevant for assessing availability and reliability?

Select 2 answers
A. Uptime percentage (e.g., 99.99%)
B. Support ticket response time
C. Maximum throughput per instance
D. Average latency for API calls
E. Recovery Time Objective (RTO) and Recovery Point Objective (RPO)
Answers: A, E

Direct availability measure.

Why this answer

Uptime percentage (e.g., 99.9%) and RTO/RPO are key availability and disaster recovery metrics. Latency and throughput are performance, not availability; support response time is operational.

5
Multi-Select · medium

An organization is adopting a hybrid cloud strategy and needs to ensure secure connectivity between on-premises and cloud environments. Which TWO approaches are most appropriate for this purpose?

Select 2 answers
A. Site-to-site VPN over the public internet
B. Direct exposure of on-premises services to the cloud via public internet
C. Dedicated private network connection (e.g., AWS Direct Connect)
D. Cloud access security broker (CASB)
E. MPLS-based VPN from a telecom provider
Answers: A, C

VPN provides encrypted connectivity over the internet.

Why this answer

VPN and dedicated private connections (like AWS Direct Connect or Azure ExpressRoute) are standard for secure hybrid cloud connectivity. Cloud access security brokers (CASBs) are for monitoring, not connectivity; public internet is not secure; MPLS is a type of private connection but less common in cloud contexts.

6
MCQ · hard

A cloud provider offers a service with an SLA of 99.999% availability. What is the maximum allowable downtime per year in minutes? (Assume 365 days)

A. 8.76 minutes
B. 5.26 minutes
C. 0.526 minutes
D. 52.6 minutes
Answer: B

Correct. 99.999% = 0.001% downtime = 5.256 minutes per year.

Why this answer

99.999% availability means 0.001% downtime per year. Yearly minutes = 365 * 24 * 60 = 525,600. 0.001% of 525,600 = 5.256 minutes.

7
Multi-Select · medium

A financial institution is evaluating a community cloud deployment shared with other banks. Which TWO security considerations are MOST important for this deployment model?

Select 2 answers
A. Minimizing network bandwidth to reduce costs
B. The provider assumes full responsibility for all security controls
C. Use of dedicated physical servers for each tenant
D. Ensuring strong isolation between tenant data and workloads
E. Compliance with common regulatory standards (e.g., PCI-DSS, SOX)
Answers: D, E

Critical to prevent cross-tenant access.

Why this answer

Community clouds require strong isolation between tenants and compliance with shared regulatory standards. Shared responsibility model still applies, and dedicated hardware is not typical.

8
Multi-Select · medium

A cloud architect is designing a multi-tenant SaaS application. Which TWO isolation mechanisms are essential to prevent tenant data leakage? (Choose two.)

Select 2 answers
A. Geographic isolation
B. Network isolation (e.g., VLANs, VPCs)
C. Shared storage volume encryption
D. Logical data isolation (e.g., database per tenant)
E. Hypervisor isolation
Answers: B, D

Prevents network-level cross-tenant access.

Why this answer

Logical data isolation and network isolation are key to prevent data leakage.

9
MCQ · hard

An organization is designing a multi-cloud strategy using containers to avoid vendor lock-in. Which of the following approaches BEST ensures portability of containerized applications across different cloud providers?

A. Use cloud provider-specific container services like Amazon ECS with proprietary APIs.
B. Use nested containers to abstract the underlying cloud provider.
C. Standardize on Docker images and Kubernetes orchestration with open-source tooling.
D. Deploy containers directly on virtual machines without an orchestration layer.
Answer: C

Open standards ensure containers can run across any Kubernetes-compatible environment.

Why this answer

Using open standards like Kubernetes and Docker ensures portability, while using proprietary APIs or nested containers can create lock-in or complexity.

10
MCQ · easy

In the NIST SP 800-145 definition of cloud computing, which characteristic is described as the capability to rapidly and elastically provision and release resources, often automatically?

A. Rapid elasticity
B. Resource pooling
C. Broad network access
D. Measured service
Answer: A

Rapid elasticity allows quick scaling of resources.

Why this answer

Rapid elasticity is the defined characteristic. Measured service is about metering, resource pooling is about sharing, broad network access is about network availability.

11
MCQ · medium

A company wants to avoid vendor lock-in when adopting cloud services. Which strategy is most effective for achieving portability?

A. Using proprietary APIs from the cloud provider
B. Subscribing to a single cloud provider's managed services
C. Using proprietary data formats
D. Adopting open standards and open-source APIs like Kubernetes and Terraform
Answer: D

Open standards facilitate portability and interoperability.

Why this answer

Using open standards and APIs ensures that workloads can be moved between providers. Using proprietary APIs, single provider services, or managed services increases lock-in.

12
MCQ · medium

A cloud provider guarantees 99.99% availability for a service. What is the maximum allowed downtime per year (rounded to nearest minute)?

A. 1.01 hours
B. 5.26 minutes
C. 8.76 hours
D. 52.56 minutes
Answer: D

Correct: 0.01% of 525,600 minutes = 52.56 minutes.

Why this answer

99.99% implies 0.01% downtime. 365*24*60 = 525,600 minutes. 0.01% of 525,600 = 52.56 minutes, about 53 minutes.

13
MCQ · medium

Which design principle is MOST directly concerned with the ability to move workloads between cloud providers or back on-premises without significant re-architecture?

A. Reversibility
B. Portability
C. Isolation
D. Elasticity
Answer: B

Portability ensures workloads can run across different environments.

Why this answer

Portability focuses on minimizing vendor lock-in and enabling migration.

14
Multi-Select · hard

An organization is evaluating a cloud service provider and reviewing their SLA. Which THREE metrics are most important for assessing the provider's reliability and accountability? (Choose three.)

Select 3 answers
A. Number of data center employees
B. Frequency of performance reporting
C. Service credits or compensation for downtime
D. Provider's stock price
E. Monthly uptime percentage guarantee
Answers: B, C, E

Allows customer to monitor compliance.

Why this answer

Uptime guarantee, compensation for failures, and reporting frequency are key SLA metrics.

15
MCQ · medium

A cloud security architect is evaluating a CSP for a financial services client. Which of the following audit reports would provide the most comprehensive assurance regarding the CSP's controls over security, availability, processing integrity, confidentiality, and privacy?

A. PCI DSS Attestation of Compliance
B. SOC 2 Type II
C. SOC 1 Type II
D. ISO 27001 certification
Answer: B

SOC 2 Type II covers the five trust service criteria.

Why this answer

SOC 2 Type II reports on controls over security, availability, processing integrity, confidentiality, and privacy over a period.

16
Multi-Select · medium

An organization is adopting a hybrid cloud strategy. Which THREE considerations are vital for maintaining consistent security across environments? (Select THREE.)

Select 3 answers
A. Dedicated security team for each environment
B. Unified identity and access management (IAM)
C. Consistent network segmentation and firewall rules
D. Harmonized data encryption and key management
E. Different encryption standards for public and private clouds
Answers: B, C, D

Correct. Consistent IAM ensures same policies across clouds.

Why this answer

Consistent identity and access management (IAM) ensures uniform access controls; network segmentation policies prevent unauthorized movement; encryption standards protect data across environments. Patch management is important but not unique to hybrid cloud consistency.

17
MCQ · medium

Which cloud design principle ensures that resources can be dynamically adjusted to meet changing demand, often using auto-scaling groups?

A. Elasticity
B. Resource pooling
C. Resiliency
D. Measured service
Answer: A

Correct. Elasticity allows dynamic resource adjustment.

Why this answer

Rapid elasticity is the ability to scale resources up or down quickly and automatically in response to demand.

18
MCQ · medium

Which design principle is most directly aimed at avoiding vendor lock-in and ensuring that workloads can be moved between cloud providers with minimal effort?

A. Portability
B. Reversibility
C. Elasticity
D. Multitenancy isolation
Answer: A

Correct. Portability focuses on using open standards to avoid lock-in.

Why this answer

Portability ensures that applications and data can be moved across environments using open standards and APIs, reducing dependence on a single provider.

19
Multi-Select · medium

A cloud provider offers a service with an SLA of 99.9% availability. Which TWO of the following are likely consequences if the provider fails to meet this SLA?

Select 2 answers
A. The customer receives service credits
B. The customer receives a full refund for the service
C. The provider may incur penalty fees
D. The contract is immediately terminated
E. The customer can take legal action
Answers: A, C

Service credits are a common remedy for SLA breaches.

Why this answer

Typically, SLA violations result in service credits (refunds) and can trigger penalty clauses. Immediate termination is rare, and full refund is not standard. Legal action is possible but less direct.

20
MCQ · easy

A company requires that its cloud service provider offers a dedicated environment with no shared infrastructure. Which cloud deployment model should the company choose?

A. Public cloud
B. Hybrid cloud
C. Community cloud
D. Private cloud
Answer: D

Private cloud is dedicated to a single organization.

Why this answer

Private cloud is dedicated to a single organization, providing exclusive use of infrastructure. Public cloud is shared, community is shared by multiple organizations with common interests, and hybrid combines models.

21
Multi-Select · hard

A company is evaluating cloud providers for a critical workload and requires high availability, disaster recovery, and portability. Which THREE factors should the company prioritize in the provider evaluation?

Select 3 answers
A. Support for open APIs and industry standards
B. Availability of independent audit reports (e.g., SOC 2, ISO 27001)
C. Provider's customer support tiers
D. SLA guarantees for uptime and availability
E. Number of data center locations
Answers: A, B, D

Open APIs and standards enhance portability and avoid lock-in.

Why this answer

SLA guarantees availability, open APIs and standards enable portability, and audit reports demonstrate security and compliance. Data center locations are important for latency but not directly for portability; support tiers are operational but not strategic for these requirements.

22
MCQ · easy

In the shared responsibility model for public cloud, which of the following is typically the responsibility of the cloud customer when using IaaS?

A. Network firewall configuration at the hypervisor level
B. Physical security of data centers
C. Patch management of the guest operating system
D. Storage device maintenance
Answer: C

The customer manages the guest OS, including patching.

Why this answer

In IaaS, the customer is responsible for managing the operating system, applications, and data. The provider manages the physical infrastructure.

23
Multi-Select · medium

A company is adopting a hybrid cloud strategy. Which TWO security considerations are most critical for maintaining a consistent security posture across environments? (Choose two.)

Select 2 answers
A. Establishing consistent network security policies (e.g., firewall rules)
B. Relying solely on perimeter security
C. Deploying separate security teams for each environment
D. Implementing identity federation for single sign-on
E. Using different encryption keys for each environment
Answers: A, D

Prevents security gaps between environments.

Why this answer

Identity federation and consistent network security policies ensure seamless and secure integration.

24
MCQ · hard

A cloud customer is evaluating a provider's service level agreement (SLA) that guarantees 99.99% availability. What is the maximum allowable downtime per year (in minutes) before the SLA is violated?

A. 8.76 hours
B. 52.56 minutes
C. 5.26 minutes
D. 87.6 hours
Answer: B

99.99% uptime allows about 52.56 minutes downtime per year.

Why this answer

99.99% means 0.01% downtime per year. 365 days * 24 hours * 60 minutes = 525,600 minutes. 0.01% of that is 52.56 minutes, approximately 53 minutes.

25
MCQ · easy

Which cloud service model allows customers to manage only their data and user access, while the provider manages everything else including the infrastructure, operating system, and applications?

C. CaaS
Answer: A

Correct. SaaS customers manage only data and access.

Why this answer

SaaS (Software as a Service) provides a complete application managed by the provider, with the customer responsible only for data and access control.

26
MCQ · medium

A company uses a hybrid cloud model where sensitive data resides in a private cloud, while compute-intensive analytics run in a public cloud using anonymized data. What is the primary security consideration for this architecture?

A. Using the same hypervisor in both clouds
B. Implementing network segmentation only in the public cloud
C. Maintaining consistent security policies and secure connectivity between environments
D. Ensuring the public cloud provider has SOC 2 certification
Answer: C

Correct. Consistent policies and secure connections are critical in hybrid cloud.

Why this answer

In hybrid cloud, consistent security policies must apply across both environments, and secure connectivity (e.g., VPN or dedicated connection) is essential to protect data in transit and prevent leakage.

27
MCQ · medium

Which of the following is a key benefit of using a hybrid cloud deployment model?

A. Ability to keep sensitive data on-premises while leveraging public cloud for less sensitive workloads
B. Complete isolation from public networks
C. Single vendor management
D. Elimination of shared responsibility
Answer: A

This is a primary use case for hybrid cloud.

Why this answer

Hybrid cloud allows workloads to move between environments, providing flexibility and optimization.

28
MCQ · medium

Which of the following is a key benefit of using containers, such as Docker, in a cloud environment to achieve portability?

A. Containers package applications with dependencies to run consistently across environments
B. Containers are always stateless
C. Containers require a specific hypervisor to run
D. Containers provide hardware-level virtualization
Answer: A

This portability allows containers to run on any compatible host.

Why this answer

Containers package applications with dependencies, making them portable across different environments. Virtual machines are less portable, APIs enable interoperability but not specifically portability.

29
MCQ · easy

In the NIST SP 800-145 definition, which deployment model is described as infrastructure provisioned for exclusive use by a single organization comprising multiple consumers?

A. Private cloud
B. Public cloud
C. Community cloud
D. Hybrid cloud
Answer: A

Correct. Private cloud is for exclusive use by a single organization.

Why this answer

NIST SP 800-145 defines private cloud as provisioned for exclusive use by a single organization with multiple consumers (e.g., business units).

30
MCQ · hard

A cloud customer is reviewing a provider's SOC 2 Type II report. What does this report primarily attest to?

A. The provider's financial controls and accuracy of billing
B. The design and operating effectiveness of controls over a period
C. Compliance with international data protection regulations like GDPR
D. Penetration test results and vulnerability assessments
Answer: B

Correct. SOC 2 Type II tests both design and operating effectiveness over time.

Why this answer

SOC 2 Type II reports evaluate the effectiveness of controls related to security, availability, processing integrity, confidentiality, and privacy over a period of time (typically 6-12 months).

31
MCQ · medium

Which of the following is an example of a cloud interoperability standard that facilitates portability of containerized applications across different cloud environments?

A. SOC 2 Type II
B. CSA STAR
C. ISO 27001
D. Kubernetes
Answer: D

Correct. Kubernetes enables container portability across environments.

Why this answer

Kubernetes is an open-source container orchestration platform that enables portability of containerized applications across different cloud providers and on-premises environments.

32
Multi-Select · hard

An organization is evaluating cloud service providers and wants to ensure that the provider can demonstrate independent verification of its security controls. Which THREE of the following are recognized cloud security audit reports or certifications?

Select 3 answers
A. ISO 27001
B. SOC 2 Type II
C. CSA STAR
D. PCI DSS
E. FedRAMP
Answers: A, B, C

Correct. ISO 27001 is an international security management standard.

Why this answer

SOC 2 Type II, ISO 27001, and CSA STAR are well-known cloud security certifications/audit reports. FedRAMP is US government specific, and PCI DSS is for payment card industry, not a general cloud security audit.

33
MCQ · easy

Which NIST-defined cloud characteristic ensures that resources can be scaled up and down rapidly based on demand?

A. Broad network access
B. Rapid elasticity
C. Measured service
D. Resource pooling
Answer: B

Elasticity allows scaling resources up and down.

Why this answer

Rapid elasticity is the ability to scale quickly.

34
MCQ · easy

Which characteristic of cloud computing allows a user to automatically provision computing resources without requiring human interaction with the service provider?

A. On-demand self-service
B. Rapid elasticity
C. Broad network access
D. Resource pooling
Answer: A

Correct. This characteristic allows automatic provisioning without human interaction.

Why this answer

On-demand self-service is one of the essential characteristics defined by NIST, enabling users to provision resources automatically.

35
MCQ · medium

Which cloud characteristic allows a consumer to automatically provision computing resources, such as server time and storage, as needed without requiring human interaction with the service provider?

A. On-demand self-service
B. Rapid elasticity
C. Broad network access
D. Resource pooling
Answer: A

On-demand self-service allows automatic provisioning without human interaction.

Why this answer

On-demand self-service enables automatic provisioning. Broad network access is about network availability, resource pooling is about multi-tenancy, rapid elasticity is about scaling.

36
Multi-Select · medium

A cloud architect is designing a multi-tenant SaaS application. Which THREE of the following are essential isolation mechanisms that must be implemented to ensure tenant separation?

Select 3 answers
A. Data storage isolation (e.g., separate schemas or encryption per tenant)
B. Hypervisor isolation
C. Shared database for all tenants
D. Network isolation via VLANs or SDN
E. Single sign-on (SSO) for all tenants
Answers: A, B, D

Correct. Data isolation ensures tenant data separation.

Why this answer

Multi-tenancy isolation requires separation at the hypervisor, data storage, and network levels to prevent one tenant from accessing another's resources.

37
Multi-Select · medium

A company is considering migrating its customer relationship management (CRM) system to a SaaS provider. Which TWO of the following security responsibilities typically remain with the customer in a SaaS deployment?

Select 2 answers
A. Physical security of data centers
B. Operating system patching
C. User access management
D. Application vulnerability management
E. Data classification and access control
Answers: C, E

Correct. The customer manages user identities and access.

Why this answer

In SaaS, the customer is responsible for data classification and access control, as well as user access management, while the provider manages the application, OS, and infrastructure.

38
MCQ · hard

A cloud provider's SLA guarantees 99.95% uptime for a service. Over a one-year period (365 days), what is the maximum allowed downtime in minutes to meet this SLA?

A. 525.6 minutes
B. 262.8 minutes
C. 87.6 minutes
D. 438 minutes
Answer: B

Correct calculation: 525,600 * 0.0005 = 262.8 minutes.

Why this answer

99.95% uptime means 0.05% downtime. 365 days * 24 hours * 60 minutes = 525,600 minutes. 0.05% of 525,600 = 262.8 minutes.

39
MCQ · easy

A company wants to migrate its customer relationship management (CRM) system to the cloud and requires that the provider manages the underlying infrastructure, operating system, and middleware, while the company manages only the application and data. Which cloud service model best meets these requirements?

A. Software as a Service (SaaS)
B. Platform as a Service (PaaS)
C. Infrastructure as a Service (IaaS)
D. Function as a Service (FaaS)
Answer: B

PaaS provides a managed platform where the customer focuses on applications and data.

Why this answer

In PaaS, the provider manages the infrastructure, OS, and middleware; the customer manages applications and data. IaaS would require the customer to manage OS and middleware; SaaS would have the provider manage applications as well.

40
MCQ · hard

Which cloud design principle is most directly related to ensuring that an organization can migrate workloads from one cloud provider to another without significant re-engineering?

A. Portability
B. Reversibility
C. Multi-tenancy isolation
D. Elasticity
Answer: A

Correct. Portability ensures minimal re-engineering when moving between providers.

Why this answer

Portability refers to the ability to move workloads and data between cloud environments with minimal friction, often using open standards.

41
MCQ · medium

A community cloud is best suited for which scenario?

A. A startup wanting to minimize costs by sharing resources with the general public
B. A single organization needing dedicated infrastructure
C. A company that needs to burst workloads to the public cloud during peak times
D. Several government agencies with similar security and compliance requirements
Answer: D

Community cloud is for organizations with common interests.

Why this answer

Community clouds are used by organizations with shared concerns like compliance, mission, or security requirements. A single organization would use private cloud, general public use is public cloud, hybrid is for combining models.

42
MCQ · medium

A cloud architect is designing a solution that must automatically scale compute resources based on real-time demand. The application is stateless and can tolerate brief interruptions. Which cloud design principle is most directly addressed by this requirement?

A. Broad network access
B. Measured service
C. Rapid elasticity
D. Resource pooling
Answer: C

Rapid elasticity enables automatic scaling based on demand.

Why this answer

Rapid elasticity allows resources to scale up and down automatically to meet demand, which is the principle being applied. This is a key characteristic of cloud computing.

43
MCQ · easy

Which cloud service model provides the customer with the most control over the underlying infrastructure, including operating systems and applications?

D. FaaS
Answer: A

Correct. IaaS provides the most customer control over OS and apps.

Why this answer

IaaS provides virtualized computing resources where the customer manages OS, middleware, and applications, while the provider manages the physical infrastructure.

44
MCQ · easy

In a hybrid cloud deployment, which of the following is a critical security consideration?

A. Ensuring consistent security policy across environments
B. Using only public cloud for sensitive data
C. Avoiding any use of APIs for integration
D. Eliminating all private cloud resources
Answer: A

Correct. Consistent policies prevent gaps between environments.

Why this answer

Hybrid cloud requires consistent security policies across both public and private environments, typically enforced via secure connectivity and unified management.

45
MCQ · hard

An organization is migrating a legacy application to the cloud and wants to minimize vendor lock-in. They plan to use containers orchestrated by Kubernetes. Which design principle is the organization primarily applying?

A. Elasticity
B. Multitenancy isolation
C. Reversibility
D. Portability
Answer: D

Using open standards like Kubernetes and containers enhances workload portability across clouds.

Why this answer

Portability focuses on avoiding vendor lock-in by using open standards and technologies like Kubernetes and Docker that can run across different cloud providers.

46
MCQ · easy

Which cloud service model provides the consumer with the ability to deploy and run custom applications using the provider's programming languages, libraries, and tools, but does not allow management of the underlying infrastructure?

D. CaaS
Answer: A

PaaS allows deployment of custom applications without managing infrastructure.

Why this answer

PaaS provides a platform for customers to develop and run applications without managing the underlying infrastructure. IaaS provides infrastructure, SaaS provides software.

47
MCQ · hard

An organization is evaluating cloud service providers and notices that one provider's SLA offers 99.99% availability for a specific service, while another offers 99.9%. If the service costs $100,000 per month, what is the maximum allowable downtime per month for the 99.99% SLA?

A. 8.64 minutes
B. 43.2 minutes
C. 2.16 minutes
D. 4.32 minutes
Answer: D

Correct. 99.99% = 0.01% downtime = 4.32 minutes per month.

Why this answer

99.99% availability allows 0.01% downtime. Monthly downtime = 30 days * 24 hours * 60 minutes = 43,200 minutes. 0.01% of 43,200 = 4.32 minutes.

48
Multi-Select · hard

A company is evaluating cloud providers for a global application. They need to ensure high availability and low latency. Which THREE factors are most important to consider during provider evaluation? (Select THREE.)

Select 3 answers
A. Availability of third-party audit reports (e.g., SOC 2, ISO 27001)
B. SLA uptime guarantees
C. Provider's stock price performance
D. Number of employees at the provider
E. Global data center locations and regions
Answers: A, B, E

Correct. Audit reports verify security and operational controls.

Why this answer

SLA guarantees (e.g., 99.99%) affect availability; global data center presence reduces latency; audit reports like SOC 2 demonstrate operational effectiveness, which impacts reliability.

49
Multi-Select · easy

Which TWO of the following are essential characteristics of cloud computing as defined by NIST SP 800-145?

Select 2 answers
A. Measured service
B. Multitenancy
C. Virtualization
D. Auditability
E. Resource pooling
Answers: A, E

Correct; usage is metered and optimized.

Why this answer

NIST defines five essential characteristics: on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. Measured service and resource pooling are correct; multitenancy and virtualization are enablers, not characteristics.

50
MCQ · easy

Which characteristic of cloud computing allows a user to provision resources automatically without requiring human interaction with the service provider?

A. Rapid elasticity
B. Broad network access
C. On-demand self-service
D. Resource pooling
Answer: C

Correct. On-demand self-service allows automatic provisioning.

Why this answer

On-demand self-service enables users to provision and manage resources as needed via a web portal or API without manual provider intervention.

51
Multi-Select · medium

A cloud security architect is designing a multi-tenant SaaS application that must ensure strong isolation between tenants. Which TWO mechanisms are most effective for achieving multitenancy isolation?

Select 2 answers
A. Hypervisor-based virtual machine isolation
B. Network micro-segmentation
C. Encryption at rest for all tenant data
D. Database row-level permissions
E. API rate limiting per tenant
Answers: A, B

Hypervisor isolation separates VMs of different tenants.

Why this answer

Network micro-segmentation and hypervisor-level isolation are key for multi-tenant isolation. Encryption at rest protects data but does not isolate compute; database row-level permissions provide logical but not strong isolation; API rate limiting controls usage but not isolation.

52
MCQ · medium

In a public cloud IaaS model, which of the following security controls is the cloud customer primarily responsible for implementing?

A. Hypervisor security
B. Network infrastructure security
C. Physical security of data centers
D. Guest OS patch management
Answer: D

The customer manages the guest OS, including patching.

Why this answer

The customer is responsible for securing the guest OS and applications.

53
MCQ · easy

Which characteristic of cloud computing allows a user to provision computing resources automatically without requiring human interaction with the service provider?

A. Rapid elasticity
B. Broad network access
C. On-demand self-service
D. Measured service
Answer: C

This is the ability to provision resources automatically without human provider interaction.

Why this answer

On-demand self-service enables users to provision resources as needed without manual intervention from the provider. This is a fundamental characteristic defined by NIST.

54
MCQ · medium

A company is adopting a hybrid cloud model to run sensitive workloads on-premises and less critical applications in the public cloud. Which security consideration is most critical for this environment?

A. Using a single cloud provider for both environments
B. Ensuring high-speed network connectivity
C. Maintaining consistent security policies across both environments
D. Implementing data encryption at rest only
Answer: C

Consistent policies prevent security gaps in hybrid cloud.

Why this answer

Hybrid cloud requires consistent security policies across environments to avoid gaps. Connectivity is important but policy consistency ensures security controls are uniformly applied.

55
Multi-Selectmedium

A cloud architect is designing a multi-tenant SaaS application. Which TWO design principles are critical for ensuring tenant isolation? (Select TWO.)

Select 2 answers
A.Network isolation between tenants
B.Single shared database for all tenants
C.Using the same OS image for all tenants
D.Data isolation (e.g., schema per tenant or encryption)
E.Resource pooling across tenants
AnswersA, D

Correct. Network isolation prevents cross-tenant traffic.

Why this answer

Multitenancy isolation requires strong network isolation (e.g., virtual networks, security groups) and data isolation (e.g., separate databases or encryption per tenant) to prevent one tenant from accessing another's data.

56
MCQhard

An organization needs to migrate a legacy application to the cloud. The application requires full control over the operating system, middleware, and runtime. The team wants to minimize management overhead while retaining OS-level access. Which cloud service model is most appropriate?

C.FaaS
AnswerA

IaaS allows full OS control while the provider manages physical infrastructure.

Why this answer

IaaS provides virtualized hardware with OS access; PaaS abstracts the OS.

57
MCQhard

A company is migrating to a hybrid cloud and needs to ensure consistent security policies across both on-premises and cloud environments. Which of the following is the MOST critical consideration?

A.Implementing single sign-on (SSO) for all users
B.Using dedicated private network connections
C.Choosing the same cloud provider for all public cloud workloads
D.Ensuring that security policies are uniformly applied and enforced across all environments
AnswerD

Consistent policy enforcement prevents security gaps between environments.

Why this answer

Consistent security policy enforcement is key in hybrid cloud. While identity management and encryption are important, ensuring the same policies apply across environments is the most critical to avoid gaps.

58
MCQmedium

A security auditor is reviewing a cloud provider's controls to ensure that customer data is appropriately isolated. Which design principle is most directly related to this requirement?

A.Multitenancy isolation
B.Reversibility
C.Portability
D.Elasticity
AnswerA

Multitenancy isolation ensures separation between tenants.

Why this answer

Multitenancy isolation ensures that resources (compute, storage, network) of different customers are separated. Elasticity is about scaling, portability about moving, reversibility about exiting.

59
MCQhard

A company plans to deploy a multi-tier application across multiple cloud providers to avoid single points of failure. They need to ensure consistent security policies, including identity federation and network segmentation, across all environments. Which architecture consideration is MOST critical?

A.Using a single cloud provider for all tiers
B.Storing all data in a single provider's data center
C.Using different encryption standards for each provider
D.Implementing a unified security policy management tool
AnswerD

A unified tool ensures consistent policies across providers.

Why this answer

Consistent security policy across environments is critical in hybrid/multi-cloud.

60
MCQeasy

Which NIST essential characteristic of cloud computing allows the provider to dynamically assign and reassign resources to multiple tenants, often using a multi-tenant model?

A.Resource pooling
B.Rapid elasticity
C.Broad network access
D.Measured service
AnswerA

Correct. Pooling supports multi-tenancy and dynamic assignment.

Why this answer

Resource pooling is the characteristic where the provider's computing resources are pooled to serve multiple consumers, with physical and virtual resources dynamically assigned.

61
Multi-Selectmedium

Which THREE of the following are valid methods for achieving multitenancy isolation in a public cloud IaaS environment?

Select 3 answers
A.Encrypting data at rest with tenant-specific keys
B.Using a single database schema for all tenants
C.Storage area network (SAN) zoning to separate tenant data
D.Shared memory segments across tenants for performance
E.Hypervisor-level isolation between virtual machines
AnswersA, C, E

Encryption prevents unauthorized access.

Why this answer

Hypervisor isolation, storage network segmentation (e.g., VLANs), and data encryption at rest are all valid isolation methods. Shared memory and single database schema for all tenants would break isolation.

62
MCQeasy

A company is considering moving its customer relationship management (CRM) system to the cloud. The CRM is accessed through a web browser and the provider handles all maintenance, security, and infrastructure. Which cloud service model is being used?

B.FaaS
AnswerC

SaaS delivers fully managed software over the internet.

Why this answer

In SaaS, the provider manages everything except user access and data.

63
MCQhard

An organization is evaluating a cloud provider's SLA for a critical application. The provider offers a 99.95% uptime SLA with a 10% service credit for each 30-minute downtime period exceeding the threshold. The organization's business impact analysis requires a maximum downtime of 4.38 hours per year. Does the provider's SLA meet this requirement, and what is the annual allowed downtime based on the SLA?

A.No, because service credits only apply after 30 minutes of downtime, so actual uptime is lower.
B.Yes, because the 10% credit effectively increases the uptime commitment.
C.No, because 99.95% uptime allows 5 hours of downtime per year.
D.Yes, because the SLA guarantees 99.95% uptime, which equals 4.38 hours of downtime per year.
AnswerD

Correct calculation: 0.05% of 8760 hours = 4.38 hours.

Why this answer

99.95% uptime allows 0.05% downtime per year: 0.05% of 365 days × 24 hours = 0.05% × 8760 hours = 4.38 hours, which exactly meets the requirement. The service credit mechanism does not change the allowed downtime.

64
MCQmedium

A financial institution is subject to strict regulatory requirements that mandate data residency and physical control over its infrastructure. At the same time, it wants to leverage cloud bursting for peak loads. Which deployment model should the institution adopt?

A.Hybrid cloud
B.Private cloud
C.Community cloud
D.Public cloud
AnswerA

Hybrid cloud allows the institution to keep sensitive data in a private cloud and use public cloud for bursting.

Why this answer

A hybrid cloud combines a private cloud for sensitive workloads with public cloud resources for elasticity, meeting both regulatory and scalability needs.

65
MCQhard

Which audit report provides the most comprehensive assurance regarding a cloud provider's controls over a period of time, including controls related to security, availability, processing integrity, confidentiality, and privacy?

A.ISO 27001 certification
B.SOC 2 Type I
C.CSA STAR self-assessment
D.SOC 2 Type II
AnswerD

Type II assesses controls over a period and covers the trust criteria.

Why this answer

SOC 2 Type II reports cover controls over a period of time and include the five trust service criteria. SOC 2 Type I is a point-in-time report. ISO 27001 is a certification, not a report. CSA STAR is a self-assessment.

66
MCQmedium

In the shared responsibility model for public cloud IaaS, which of the following is typically the responsibility of the cloud customer?

A.Network infrastructure redundancy
B.Managing virtual machine guest OS patches
C.Physical security of data centers
D.Patching the hypervisor
AnswerB

Correct. The customer is responsible for patching the guest OS.

Why this answer

In IaaS, the customer manages the guest OS, applications, data, and network traffic controls. The provider manages the physical infrastructure, hypervisor, and network.

67
MCQmedium

A financial services company is required to keep customer data within a specific geographic boundary due to regulatory requirements. The company is evaluating cloud deployment models. Which model would best ensure data sovereignty while still providing scalability?

A.Hybrid cloud with public cloud bursting
B.Public cloud with multi-region deployment
C.Community cloud hosted in the required geography
D.Private cloud on-premises
AnswerC

Correct. Community cloud meets shared requirements and can be geo-fenced.

Why this answer

A community cloud can be shared by organizations with common compliance needs, such as financial regulations, and can be deployed in a specific region to meet data sovereignty.

68
MCQhard

A company is designing a multi-cloud strategy to avoid vendor lock-in and ensure portability. They are considering using containers and an open-source orchestration platform. Which of the following is the BEST choice to achieve workload portability across different cloud providers?

A.Kubernetes
B.Azure Functions
C.AWS Lambda
D.VMware vSphere
AnswerA

Kubernetes is open-source and supported by all major cloud providers.

Why this answer

Kubernetes is an open-source container orchestration platform that allows portability across clouds.

69
Multi-Selectmedium

Which THREE of the following are benefits of using a hybrid cloud deployment model?

Select 3 answers
A.Elasticity to burst to public cloud during peak demand
B.Simplified SLA management across environments
C.Ability to keep sensitive workloads on-premises while using public cloud for less sensitive ones
D.Consistent security policies can be applied across both environments
E.Eliminates data sovereignty concerns
AnswersA, C, D

Hybrid enables scaling to public cloud.

Why this answer

Hybrid cloud offers flexibility to keep sensitive data on-premises, burst to public cloud for elasticity, and maintain consistent security policies across environments. It does not reduce SLA complexity or eliminate data sovereignty concerns.

70
Multi-Selecthard

An organization is migrating a legacy application to the cloud and requires reversibility. Which THREE of the following should be considered to ensure the application can be migrated away from the cloud provider in the future?

Select 3 answers
A.Using containerization with Kubernetes for workload portability
B.Designing the application to use open standards (e.g., OAuth, REST)
C.Using proprietary APIs for storage and compute
D.Implementing auto-scaling policies
E.Ensuring data can be exported in standard formats (e.g., CSV, JSON)
AnswersA, B, E

Containers and orchestration improve portability.

Why this answer

Reversibility involves using open standards and APIs, ensuring data portability, and avoiding deep integration with proprietary services. Auto-scaling is a benefit but not a requirement for reversibility.

71
MCQmedium

A healthcare organization is migrating patient records to a public cloud provider. Which of the following is the most critical consideration regarding shared responsibility when using IaaS?

A.The cloud provider is responsible for all security controls because they own the infrastructure.
B.The customer has no responsibility for network security because the provider manages the hypervisor.
C.The cloud provider automatically encrypts all data at rest and in transit by default.
D.The customer is responsible for securing the operating system, applications, and data they deploy on the IaaS platform.
AnswerD

Correct per shared responsibility model for IaaS.

Why this answer

In IaaS, the customer is responsible for securing the OS, applications, and data, while the provider secures the physical infrastructure. Data encryption and access control are customer responsibilities.

72
MCQmedium

A company wants to migrate a legacy application to the cloud with minimal re-architecture. They need control over the operating system and middleware but do not want to manage physical hardware. Which service model is most suitable?

A.FaaS
AnswerC

Correct. IaaS provides the flexibility to manage OS and middleware.

Why this answer

IaaS provides virtualized computing resources where the customer manages OS, apps, and data, but not the underlying infrastructure.

73
MCQeasy

Which NIST SP 800-145 cloud service model provides the consumer with the ability to deploy applications onto a cloud infrastructure where the consumer does not manage the underlying cloud infrastructure, including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment?

A.Platform as a Service (PaaS)
B.Function as a Service (FaaS)
C.Software as a Service (SaaS)
D.Infrastructure as a Service (IaaS)
AnswerA

PaaS provides a platform for deploying applications without managing underlying infrastructure.

Why this answer

This is the definition of Platform as a Service (PaaS) per NIST SP 800-145. The consumer manages applications and data, while the provider manages everything else.

74
MCQhard

In a public cloud IaaS environment, which of the following is the customer responsible for securing, according to the shared responsibility model?

A.Operating system and applications
B.Virtualization hypervisor
C.Network infrastructure
D.Physical security of data centers
AnswerA

The customer manages OS, apps, and data.

Why this answer

The customer is responsible for securing the operating system, applications, and data they deploy. The provider secures the physical infrastructure, network, and hypervisor.

75
MCQeasy

Which cloud characteristic allows a user to automatically provision computing resources without requiring human interaction with the service provider?

A.Broad network access
B.Rapid elasticity
C.Resource pooling
D.On-demand self-service
AnswerD

This characteristic allows users to provision resources automatically.

Why this answer

On-demand self-service enables automatic provisioning.
