




















































































Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
This foundation-level exam assesses understanding of cloud computing concepts, service models, deployment models, virtualization, security, and cloud governance. It provides a strong baseline for individuals entering cloud-based roles or digital transformation initiatives.
Typology: Exams
1 / 92
This page cannot be seen from the preview
Don't miss anything!





















































































Question 1. Which of the following statements best matches the NIST definition of cloud computing? A) A set of distributed computers that users must manage individually. B) A model that enables ubiquitous, on‑demand network access to a shared pool of configurable computing resources. C) A private data center that offers virtualization services only to internal users. D) A collection of mainframe computers accessed via terminal emulators. Answer: B Explanation: NIST defines cloud computing as a model for enabling ubiquitous, convenient, on‑demand network access to a shared pool of configurable resources (e.g., networks, servers, storage, applications) that can be rapidly provisioned and released. Question 2. The shift from mainframe computing to modern cloud architectures primarily introduced which of the following capabilities? A) Fixed, monolithic hardware provisioning. B) Dynamic scaling of resources on demand. C) Exclusive use of proprietary operating systems. D) Manual installation of applications on each server. Answer: B Explanation: Cloud architectures allow resources to be allocated and released automatically, providing dynamic scaling, which contrasts with the static, fixed capacity of mainframe environments. Question 3. Moving from CapEx to OpEx in cloud adoption mainly affects which financial aspect for an organization? A) Increases upfront hardware purchase costs. B) Converts technology spending to a variable, usage‑based expense. C) Eliminates all costs associated with software licensing.
D) Requires long‑term contracts for all services. Answer: B Explanation: OpEx (operating expense) models charge based on actual consumption, allowing organizations to align costs with usage rather than large upfront capital expenditures (CapEx). Question 4. Which cloud characteristic most directly supports rapid time‑to‑market for new applications? A) Measured Service. B) Broad Network Access. C) On‑Demand Self‑Service. D) Resource Pooling. Answer: C Explanation: On‑Demand Self‑Service lets users provision compute, storage, and networking automatically without provider interaction, accelerating development and deployment cycles. Question 5. Global reach in cloud computing is primarily achieved through: A) Deploying physical servers in every country. B) Using a single data center with high‑speed internet. C) Leveraging a network of geographically dispersed data centers owned by the provider. D) Requiring customers to install their own hardware worldwide. Answer: C Explanation: Cloud providers operate multiple regions and availability zones worldwide, enabling customers to place workloads close to end users for reduced latency and compliance. Question 6. Multi‑tenancy in cloud services means: A) A single customer owns the entire physical infrastructure.
Question 9. The “Measured Service” characteristic is best illustrated by which of the following provider capabilities? A) Providing a fixed amount of storage regardless of usage. B) Offering a dashboard that shows CPU usage, bandwidth, and storage consumption for billing. C) Requiring manual meter reading of hardware. D) Allowing unlimited free usage of all services. Answer: B Explanation: Measured Service involves metering resource usage and providing transparent reports for billing and optimization. Question 10. Broad Network Access ensures that cloud services can be accessed via: A) Only desktop computers on a corporate LAN. B) Any device with an internet connection using standard protocols. C) Proprietary hardware terminals supplied by the provider. D) A dedicated leased line to the data center. Answer: B Explanation: Broad Network Access means services are reachable over the network from various devices (phones, tablets, laptops) using standard mechanisms. Question 11. In the SPI model, which layer provides the most control over the underlying hardware to the customer? A) Software as a Service (SaaS). B) Platform as a Service (PaaS). C) Infrastructure as a Service (IaaS). D) None; all layers abstract hardware equally. Answer: C
Explanation: IaaS delivers virtualized compute, storage, and networking, allowing customers to manage operating systems and applications directly on the hardware. Question 12. Which of the following is NOT a typical use case for IaaS? A. Hosting a static website on a virtual machine. B. Running high‑performance scientific simulations on scalable compute clusters. C. Providing a fully managed email service accessed through a web browser. D. Storing large data sets in block storage volumes. Answer: C Explanation: Fully managed email services are usually delivered as SaaS; IaaS provides raw infrastructure, not a complete application. Question 13. A developer wants to focus solely on writing code without managing servers or runtime environments. Which cloud service model best fits this need? A) IaaS B) PaaS C) SaaS D) DaaS (Desktop as a Service) Answer: B Explanation: PaaS supplies the runtime, middleware, and development tools, allowing developers to concentrate on application logic while the provider manages the underlying servers. Question 14. Which of the following is an example of a SaaS offering? A) Amazon EC2 virtual machines. B) Google Cloud SQL managed database service. C) Microsoft Office 365 delivered via a web browser.
A) Public Cloud B) Private Cloud C) Hybrid Cloud D) Community Cloud Answer: B Explanation: Private clouds are dedicated to a single organization and can be located on‑site or outsourced. Question 18. A consortium of universities sharing a common research infrastructure is an example of which cloud deployment model? A) Public Cloud B) Private Cloud C) Hybrid Cloud D) Community Cloud Answer: D Explanation: Community clouds are shared among organizations with common concerns such as research, security, or compliance. Question 19. Which of the following best describes a hybrid cloud architecture? A) All resources are owned and operated by a single vendor. B) Resources are split between on‑premises private infrastructure and public cloud services, with data and applications moving between them. C) Multiple public clouds are used without any private component. D) Only community‑owned hardware is used. Answer: B Explanation: Hybrid clouds combine private and public cloud resources, enabling workload portability and data sharing.
Question 20. Type 1 hypervisors differ from Type 2 hypervisors because they: A) Run on top of a host operating system. B) Install directly on bare metal hardware without a host OS. C) Require a graphical user interface for management. D) Are only used for desktop virtualization. Answer: B Explanation: Type 1 (bare‑metal) hypervisors run directly on hardware, providing better performance and isolation than Type 2, which run atop a host OS. Question 21. The primary function of a Virtual Machine Monitor (VMM) is to: A) Provide a user interface for cloud billing. B) Manage the allocation of physical resources to multiple virtual machines. C) Encrypt data at rest in storage devices. D) Perform network address translation for containers. Answer: B Explanation: A VMM abstracts physical hardware, scheduling CPU, memory, and I/O among virtual machines. Question 22. Server virtualization primarily helps organizations achieve which benefit? A) Increased physical server count. B) Consolidation of workloads onto fewer physical servers, improving utilization. C) Elimination of all security concerns. D) Mandatory use of proprietary operating systems. Answer: B
D) Containers cannot be orchestrated across multiple hosts. Answer: B Explanation: Containers use the host kernel, making them lightweight, whereas VMs encapsulate an entire OS, leading to higher resource consumption. Question 26. Docker is primarily used for: A) Managing physical servers. B) Packaging applications and their dependencies into portable containers. C) Automating network routing tables. D) Providing a SaaS email solution. Answer: B Explanation: Docker creates container images that bundle code, runtime, system tools, and libraries for consistent deployment. Question 27. In Kubernetes, a “pod” is: A) A physical server rack. B) The smallest deployable unit that can contain one or more tightly coupled containers. C) A type of load balancer. D) A storage volume. Answer: B Explanation: A pod encapsulates one or more containers that share networking and storage resources. Question 28. Which of the following is a benefit of using VM snapshots? A) Permanent data loss prevention. B) Ability to capture the exact state of a VM at a point in time for quick rollback.
C) Automatic scaling of compute resources. D) Encryption of network traffic. Answer: B Explanation: Snapshots record a VM’s disk and memory state, allowing restoration to that exact point if needed. Question 29. Auto‑Scaling Groups in a cloud environment are primarily used to: A) Manually add servers one at a time. B) Dynamically adjust the number of instances based on defined metrics such as CPU utilization. C) Encrypt data at rest. D) Provide a fixed IP address to all instances. Answer: B Explanation: Auto‑Scaling monitors metrics and automatically launches or terminates instances to match demand. Question 30. A load balancer that distributes incoming traffic across multiple instances improves: A) Security by encrypting all traffic. B) Availability and fault tolerance by preventing any single instance from becoming a bottleneck. C) Storage capacity. D) The number of API calls allowed per second. Answer: B Explanation: Load balancing spreads traffic, ensuring no single server is overloaded and providing redundancy. Question 31. Service Level Agreements (SLAs) in cloud contracts typically define:
Question 34. The difference between elasticity and scalability is that elasticity refers to: A) The ability to permanently add more resources. B) The rapid provisioning and de‑provisioning of resources in response to short‑term demand changes. C) Only vertical scaling of a single server. D) Fixed resource allocation. Answer: B Explanation: Elasticity is about quickly adjusting resources up or down as workload fluctuates, while scalability is the capacity to grow overall. Question 35. A stateless application in the cloud: A) Stores user session data on the local instance’s disk. B) Does not retain client‑specific data between requests, allowing any instance to handle any request. C) Requires a dedicated server for each user. D) Cannot be load balanced. Answer: B Explanation: Statelessness enables easy scaling and load balancing because no session affinity is needed. Question 36. Fault tolerance in cloud architecture is achieved primarily by: A) Running a single instance with high CPU. B) Replicating services across multiple availability zones or regions so that failure of one does not affect the overall service. C) Disabling automatic backups. D) Using only on‑premises hardware. Answer: B
Explanation: Redundant deployment across zones/regions ensures service continuity despite component failures. Question 37. Which backup strategy provides point‑in‑time recovery with minimal impact on production workloads? A) Full daily backups only. B) Incremental snapshots taken frequently. C) Manual copy‑paste of files. D) Storing backups on the same VM disk. Answer: B Explanation: Incremental snapshots capture only changes since the last snapshot, reducing storage use and performance impact while enabling precise recovery. Question 38. Encryption at rest protects data by: A) Securing data while it travels over the network. B) Encrypting data stored on disks, volumes, or object storage, making it unreadable without the decryption key. C) Obfuscating code in an application. D) Preventing users from logging in. Answer: B Explanation: Encryption at rest ensures that stored data cannot be accessed by unauthorized parties even if physical media are compromised. Question 39. TLS/SSL is primarily used for: A) Encrypting data stored in databases. B) Securing data in transit between client and server. C) Managing virtual machine lifecycles.
B) A routing table for inter‑region traffic. C) An encryption key manager. D) A DNS resolver. Answer: A Explanation: Security groups are stateful virtual firewalls applied to instances, defining allowed traffic. Question 43. Network ACLs differ from security groups because they: A) Are applied at the subnet level and are stateless, requiring explicit rules for both inbound and outbound traffic. B) Provide encryption for all traffic. C) Automatically scale with traffic volume. D) Replace the need for security groups. Answer: A Explanation: ACLs operate at the subnet boundary, are stateless, and evaluate each packet against inbound and outbound rule sets. Question 44. A CIDR block of 10.0.0.0/16 in a VPC provides: A) Exactly 16 IP addresses. B) 65,536 IP addresses for subnets and instances. C) A single IP address. D) Unlimited IP addresses. Answer: B Explanation: /16 indicates a netmask of 255.255.0.0, yielding 2^(32‑16) = 65,536 possible IPs. Question 45. A NAT gateway in a private subnet is used to:
A) Provide inbound internet access to private instances. B) Allow outbound internet traffic from private instances while keeping them non‑routable from the internet. C) Encrypt traffic between VPCs. D) Replace the need for a VPN. Answer: B Explanation: NAT gateways enable outbound connections for resources without exposing private IPs to inbound internet traffic. Question 46. A site‑to‑site VPN connection between an on‑premises data center and a cloud VPC primarily provides: A) Direct fiber connection with zero latency. B) Encrypted tunnel over the public internet for secure communication. C) Automatic migration of all workloads to the cloud. D) Public IP addresses for all on‑premises servers. Answer: B Explanation: Site‑to‑site VPN creates an IPsec‑encrypted tunnel over the internet, linking the two networks securely. Question 47. Edge locations in a cloud provider’s network are primarily used for: A) Running compute‑intensive batch jobs. B) Caching content close to end users to reduce latency (e.g., via CDN services). C. Storing long‑term archival data. D. Managing IAM policies. Answer: B Explanation: Edge locations host CDN caches and other services that bring data nearer to users, improving performance.
Explanation: Reserved Instances lock in capacity and pricing, delivering cost savings for predictable workloads. Question 51. Spot instances are attractive for workloads that: A. Require guaranteed uptime 24/7. B. Can tolerate interruptions and are flexible in start/stop times. C. Must run on dedicated hardware. D. Need high‑performance GPUs exclusively. Answer: B Explanation: Spot instances are offered at steep discounts but can be reclaimed by the provider, making them suitable for fault‑tolerant, flexible tasks. Question 52. A savings plan in cloud billing primarily provides: A. Unlimited free usage of all services. B. Discounted rates based on a committed spend (e.g., $/hour) across multiple services, offering flexibility over specific instance types. C. Automatic backup of all data. D. Free network egress. Answer: B Explanation: Savings plans let customers commit to a usage amount, receiving reduced rates across eligible services, without tying to a single instance family. Question 53. In cloud monitoring, CloudWatch (or equivalent) is used to: A. Encrypt data at rest. B. Collect metrics, logs, and set alarms for resources, enabling proactive management. C. Deploy containers automatically.
D. Manage IAM users. Answer: B Explanation: Monitoring services aggregate performance data, logs, and can trigger notifications or auto‑scaling actions. Question 54. An audit log that records every API call made to a cloud account helps with: A. Reducing compute costs. B. Demonstrating compliance, detecting unauthorized activity, and forensic analysis. C. Increasing storage capacity. D. Automating code deployment. Answer: B Explanation: Audit logs provide a tamper‑evident record of actions, essential for security and compliance. Question 55. Which compliance framework specifically addresses the protection of health‑information in the United States? A. GDPR B. PCI DSS C. HIPAA D. ISO 27001 Answer: C Explanation: HIPAA (Health Insurance Portability and Accountability Act) sets standards for safeguarding protected health information (PHI). Question 56. Data durability of 99.999999999% (eleven nines) typically refers to: A. The probability that data will be lost within a year.