



























































































The CPCSA Exam assesses advanced expertise in designing scalable, secure, and cost-effective cloud solutions. It covers cloud architecture patterns, security frameworks, migration strategies, integration, and optimization. Candidates demonstrate the ability to align cloud solutions with business requirements. This certification is suitable for cloud architects and senior IT professionals.
Typology: Exams




























































































Question 1. Which cloud service model provides the highest level of control over the underlying operating system and networking stack?
A) SaaS
B) PaaS
C) IaaS
D) XaaS
Answer: C
Explanation: IaaS (Infrastructure as a Service) delivers virtualized compute, storage, and networking resources, allowing customers to manage OS, middleware, and applications, unlike SaaS or PaaS which abstract more of the stack.

Question 2. In a hybrid cloud design, which component is most critical for ensuring consistent identity across on‑premises and public cloud environments?
A) Virtual Private Cloud (VPC)
B) Identity Federation (e.g., SAML, OIDC)
C) Content Delivery Network (CDN)
D) Spot Instances
Answer: B
Explanation: Identity federation enables single sign‑on and consistent user identities across disparate environments, which is essential for hybrid cloud security and access management.

Question 3. Which architectural pattern is best suited for applications that must scale to millions of concurrent short‑lived tasks without managing servers?
A) Monolithic
B) Microservices
C) Serverless (FaaS)
D) N‑tier
Answer: C
Explanation: Serverless Function‑as‑a‑Service (FaaS) automatically provisions compute for each request, handling massive concurrency without server management.

Question 4. The Well‑Architected Framework pillar that focuses on protecting data, systems, and assets through risk assessments and mitigation is:
A) Operational Excellence
B) Security
C) Reliability
D) Cost Optimization
Answer: B
Explanation: The Security pillar emphasizes protecting information, systems, and assets by implementing best practices such as identity management, encryption, and monitoring.

Question 5. When designing a multi‑cloud strategy, which of the following most directly reduces vendor lock‑in?
A) Using proprietary storage APIs
B) Deploying workloads only in a single region
C) Implementing abstraction layers like Terraform modules and container orchestration
D) Relying on a single cloud provider’s native monitoring service
Answer: C
Explanation: Abstraction tools and portable workloads (e.g., containers, IaC) allow workloads to be moved between providers, mitigating lock‑in risk.

Answer: C
Explanation: GSLB operates at the DNS level to route traffic globally, using health checks and proximity to select the optimal region.

Question 9. Which storage type is optimized for high‑throughput sequential reads and writes of large, unstructured data such as media files?
A) Block storage
B) File storage
C) Object storage
D) Archive storage
Answer: C
Explanation: Object storage (e.g., Amazon S3, Azure Blob) is designed for massive, unstructured data with high durability and scalability.

Question 10. A NoSQL database that stores data as key‑value pairs and provides sub‑millisecond latency is most appropriate for:
A) Complex relational joins
B) Session store or caching layer
C) Graph traversal queries
D) Data warehousing
Answer: B
Explanation: Key‑value stores excel at simple lookups with minimal latency, making them ideal for session data or caching.

Question 11. Which consistency model guarantees that a read operation always returns the most recent write for a given data item?
A) Eventual consistency
B) Strong consistency
C) Causal consistency
D) Session consistency
Answer: B
Explanation: Strong consistency ensures that after a write completes, all subsequent reads see that write.

Question 12. When migrating petabyte‑scale data from on‑premises to the cloud with minimal downtime, which tool or service is most commonly used?
A) Manual SFTP transfers
B) AWS Snowball Edge / Azure Data Box
C) CloudWatch Logs
D) Serverless Functions
Answer: B
Explanation: Physical data transfer appliances like Snowball Edge or Data Box move large volumes efficiently while reducing network bandwidth constraints.

Question 13. In a disaster‑recovery plan, a Recovery Point Objective (RPO) of 15 minutes means:
A) The system must be back online within 15 minutes.
B) No more than 15 minutes of data loss is acceptable.
C) Backups run every 15 minutes.
D) The system can tolerate 15 minutes of downtime.
Answer: B

B) Server‑Side Encryption (SSE) with customer‑managed keys
C) IPsec
D) Application‑layer encryption only
Answer: B
Explanation: SSE encrypts data before storing it, and customers can supply their own keys via KMS for added control.

Question 17. Which of the following best describes a Zero Trust network architecture?
A) Trust all internal traffic and only inspect external traffic.
B) Assume every request is untrusted and verify identity, device posture, and least‑privilege access each time.
C) Use a single perimeter firewall to protect the entire environment.
D) Rely on VPNs to secure all communications.
Answer: B
Explanation: Zero Trust treats all network traffic as untrusted, requiring continuous verification and strict access controls.

Question 18. In a microservices architecture, which pattern helps to prevent cascading failures when a downstream service becomes unavailable?
A) Singleton
B) Circuit Breaker
C) Monolithic Kernel
D) Tight Coupling
Answer: B
Explanation: The Circuit Breaker pattern detects failures and short‑circuits calls to unhealthy services, protecting the overall system.

Question 19. Which cloud‑native service is designed specifically for real‑time stream processing of high‑velocity data (e.g., clickstreams, IoT telemetry)?
A) Data Lake
B) Data Warehouse
C) Managed Streaming Service (e.g., Kafka, Kinesis)
D) Relational Database Service
Answer: C
Explanation: Managed streaming services ingest, process, and deliver real‑time data streams for analytics and event‑driven applications.

Question 20. An organization must meet GDPR requirements for data residency. Which design choice ensures that personal data never leaves the European Union?
A) Use a global CDN with edge caching.
B) Deploy resources in a multi‑region architecture spanning the US and EU.
C) Create a VPC in an EU‑based region and enable data‑locality controls.
D) Encrypt data with a customer‑managed key stored in the US.
Answer: C
Explanation: Hosting workloads in an EU region and enforcing data‑locality policies guarantees that data stays within the EU.

Question 21. Which cost‑optimization strategy involves committing to a one‑ or three‑year usage term in exchange for a lower hourly rate?
A) Spot Instances
B) Savings Plans / Reserved Instances
C) Auto‑Scaling

A) IaaS with self‑managed GPU VMs
B) PaaS with managed AI services (e.g., SageMaker, AI Platform)
C) SaaS chatbot solution
D) FaaS without GPU support
Answer: B
Explanation: Managed AI platforms provide GPU‑enabled instances with built‑in model deployment, reducing operational effort.

Question 25. Which blockchain consensus mechanism is most energy‑efficient and commonly used in permissioned enterprise ledgers?
A) Proof of Work (PoW)
B) Proof of Stake (PoS)
C) Practical Byzantine Fault Tolerance (PBFT)
D) Proof of Authority (PoA)
Answer: C
Explanation: PBFT provides fast finality with low energy consumption, suited for permissioned networks.

Question 26. When using edge computing for IoT data processing, which architectural principle reduces bandwidth consumption to the central cloud?
A) Centralized data lake ingestion
B) Sending raw sensor data to the cloud for processing
C) Performing local aggregation and filtering at the edge node
D) Storing all data in a regional data warehouse
Answer: C
Explanation: Edge aggregation processes data near the source, transmitting only relevant insights, thus saving bandwidth.

Question 27. Which of the following is a primary benefit of using a Content Delivery Network (CDN) for static web assets?
A) Dynamic scaling of compute resources
B) Reduced latency by serving content from edge locations close to users
C) Automatic database sharding
D) Encryption of data at rest in the origin bucket only
Answer: B
Explanation: CDNs cache static assets at geographically distributed edge nodes, decreasing latency for end‑users.

Question 28. In a cloud environment, which component is responsible for providing a logical isolation boundary for resources belonging to different tenants?
A) Virtual Machine
B) Availability Zone
C) Account or Subscription (or Project)
D) Load Balancer
Answer: C
Explanation: Accounts/Subscriptions (or Projects) isolate billing, IAM policies, and resources between tenants.

Question 29. Which of the following best describes “autoscaling groups” in compute provisioning?
A) Manually adding or removing virtual machines.

Explanation: Object storage offers HTTP access, scalability, and built‑in versioning, ideal for large binaries.

Question 32. Which data consistency model is typically offered by distributed NoSQL databases that prioritize availability over immediate consistency?
A) Strong consistency
B) Linearizability
C) Eventual consistency
D) Serializability
Answer: C
Explanation: Eventual consistency allows writes to be accepted locally and propagated later, favoring availability.

Question 33. In a Kubernetes cluster, which component is responsible for ensuring the desired number of pod replicas are running?
A) kube‑apiserver
B) kube‑controller‑manager (specifically the Deployment controller)
C) kube‑scheduler
D) etcd
Answer: B
Explanation: The Deployment controller (part of kube‑controller‑manager) monitors and reconciles the replica count.

Question 34. Which security control mitigates the risk of credential leakage in CI/CD pipelines?
A) Storing secrets in plain‑text files within the repository
B) Using a secrets manager with automatic rotation and least‑privilege policies
C) Hard‑coding API keys in build scripts
D) Granting admin access to all pipeline users
Answer: B
Explanation: A managed secrets store provides encrypted storage, rotation, and fine‑grained access, protecting credentials.

Question 35. An organization must retain logs for 7 years to satisfy compliance. Which storage tier provides low cost while still being readily accessible for audit?
A) Hot Object Storage
B) Cold (Glacier) Archive Storage with expedited retrieval option
C) In‑memory cache
D) Block Storage SSD
Answer: B
Explanation: Archive storage (e.g., Glacier) offers cheap long‑term retention with options for faster retrieval when needed for audits.

Question 36. Which of the following is a key characteristic of a poly‑cloud strategy?
A) Deploying identical workloads to a single cloud provider for redundancy.
B) Using multiple cloud providers to leverage best‑of‑breed services for different workloads.
C) Restricting all workloads to on‑premises data centers.
D) Relying exclusively on open‑source tools without any cloud services.
Answer: B
Explanation: Poly‑cloud involves consuming services from several providers to capitalize on each provider’s strengths.

Answer: B
Explanation: DBaaS offloads operational tasks such as patching, backups, and scaling to the provider, reducing administrative burden.

Question 40. In a serverless application, which service typically handles the event‑driven invocation of functions based on changes in object storage?
A. Load Balancer
B. EventBridge / CloudWatch Events
C. Object Storage notification configuration
D. Direct API call from client
Answer: C
Explanation: Object storage services can emit notifications (e.g., S3 Event Notifications) that trigger serverless functions when objects are created or modified.

Question 41. Which compliance framework specifically mandates the protection of electronic Protected Health Information (ePHI) in the United States?
A. GDPR
B. PCI‑DSS
C. HIPAA
D. SOC 2
Answer: C
Explanation: HIPAA sets standards for safeguarding ePHI, requiring administrative, physical, and technical safeguards.

Question 42. Which of the following is a benefit of using a service mesh in a microservices environment?
A. Centralized data storage
B. Automatic code generation for services
C. Observability, traffic management, and security (mTLS) without modifying application code
D. Direct database connections across services
Answer: C
Explanation: Service meshes provide sidecar proxies that handle observability, routing, and mutual TLS, abstracting these concerns from services.

Question 43. When designing a data lake on the cloud, which architectural principle ensures raw data is stored immutably and can be processed by multiple downstream services?
A. Data Normalization
B. Write‑once, read‑many (WORM) storage with zone‑based access control
C. Frequent data deletion to save cost
D. Storing data only in relational tables
Answer: B
Explanation: WORM storage preserves raw data integrity, allowing diverse analytics workloads without altering the original dataset.

Question 44. Which of the following best describes “cold start” latency in serverless functions?
A. Latency caused by network congestion.
B. Time taken to provision a new execution environment when no warm instance exists.
C. Delay due to disk I/O on the underlying VM.
D. Latency introduced by encryption at rest.
Answer: B

B. Multi‑master (or active‑active) replication with conflict‑resolution mechanisms.
C. Storing data only in one region.
D. Using DNS round‑robin without data replication.
Answer: B
Explanation: Multi‑master replication allows writes in multiple regions, using conflict resolution to maintain consistency while avoiding a single point of failure.

Question 48. Which of the following is the most appropriate way to protect API keys used by serverless functions from accidental exposure in code repositories?
A. Hard‑code the keys in the function source.
B. Store keys in environment variables defined in the function configuration, encrypted at rest.
C. Commit the keys in a plaintext file and ignore it in .gitignore.
D. Use a public bucket to host the keys.
Answer: B
Explanation: Environment variables managed by the cloud provider are encrypted at rest and not stored in source code, reducing exposure risk.

Question 49. When configuring a cloud‑native firewall, which rule type is essential for preventing data exfiltration from a compromised workload?
A. Allow all outbound traffic.
B. Deny all inbound traffic.
C. Egress filtering that restricts outbound connections to approved destinations only.
D. Ingress filtering based on source IP address only.
Answer: C
Explanation: Egress filtering limits where workloads can send data, mitigating data exfiltration risks.

Question 50. Which of the following best illustrates “Infrastructure as Code” (IaC) benefits?
A. Manual configuration of each VM via SSH.
B. Version‑controlled, repeatable deployments that reduce drift.
C. Using a graphical UI to spin up resources.
D. Relying on ad‑hoc scripts stored on a local workstation.
Answer: B
Explanation: IaC stores infrastructure definitions in code, enabling version control, repeatability, and reduced configuration drift.

Question 51. A data warehouse workload requires high‑throughput analytical queries on petabytes of structured data. Which storage architecture is most suitable?
A. Object storage with eventual consistency.
B. Columnar storage with massively parallel processing (MPP).
C. Block storage attached to a single VM.
D. File storage accessed via NFS.
Answer: B
Explanation: Columnar MPP warehouses (e.g., Redshift, Snowflake) are optimized for large‑scale analytical queries.

Question 52. Which of the following is a primary advantage of using a service‑level objective (SLO) in cloud reliability engineering?
A. Guarantees zero downtime.
B. Provides a measurable target for availability that drives error‑budget management.
C. Eliminates the need for monitoring.
D. Automatically reduces costs.