Q126. A list of CVEs was identified on a web server. The systems administrator decides to close the ports and disable weak TLS ciphers. Which of the following describes this vulnerability management stage?

Q127. A critical security patch is required on a network load balancer in a public cloud. The organization has a major sales conference next week, and the Chief Executive Officer does not want any interruptions during the demonstration of an application behind the load balancer. Which of the following approaches should the cloud security engineer take?

Q128. A cloud engineer wants to implement a disaster recovery strategy that:
– Is cost-effective.
– Reduces the amount of data loss in case of a disaster.
– Enables recovery with the least amount of downtime.
Which of the following disaster recovery strategies best describes what the cloud engineer wants to achieve?

Q129. An organization’s security policy states that software applications should not exchange sensitive data in cleartext. The security analyst is concerned about a software application that uses Base64 to encode credit card dat a. Which of the following would be the best algorithm to replace Base64?

Q130. A company hosts various containerized applications for business uses. A client reports that one of its routine business applications fails to load the web-based login prompt hosted in the company cloud.

INSTRUCTIONS
Click on each device and resource. Review the configurations, logs, and characteristics of each node in the architecture to diagnose the issue. Then, make the necessary changes to the WAF configuration to remediate the issue.
Web app 1

Web app 2

Web app 3

Web app 4

Client app

Q131. Which of the following are best practices when working with a source control system? (Select two).

Q132. An IT manager is migrating the production environment to the cloud but needs to keep control of the operating systems, patches, and settings of all resources. Which of the following deployment models will best meet the requirements?

Q133. A systems administrator notices a surge of network traffic is coming from the monitoring server. The administrator discovers that large amounts of data are being downloaded to an external source. While investigating, the administrator reviews the following logs:

Which of the following ports has been compromised?

Q134. An administrator needs to adhere to the following requirements when moving a customer’s data to the cloud:
* The new service must be geographically dispersed.
* The customer should have local access to data
* Legacy applications should be accessible.
Which of the following cloud deployment models is most suitable?

Q135. An administrator receives a ticket indicating the accounting application is not working. Which of the following should the administrator check FIRST?

Q136. A cloud engineer was deploying the company’s payment processing application, but it failed with the following error log:
ERFOR:root: Transaction failed http 429 response, please try again Which of the following are the most likely causes for this error? (Select two).

Q137. A cloud architect is reviewing the design for a new cloud-based ERP solution. The solution consists of eight servers with a single network interface. The allocated IP range is 172.16.0.0/28.
One of the requirements of the solution is that it must be able to handle the potential addition of
16 new servers to the environment. Because of the complexity of the firewall and related ACL requirements, these new servers will need to be in the same network range. Which of the following changes would allow for the potential server addition?

Q138. A developer is deploying a new version of a containerized application. The DevOps team wants:
* No disruption
* No performance degradation
* Cost-effective deployment
* Minimal deployment time
Which of the following is the best deployment strategy given the requirements?

Q139. A systems administrator notices several VMs are constantly ballooning, while the memory usage of several other VMs is significantly lower than their resource allocation. Which of the following will MOST likely solve the issue?

Q140. Which of the following cloud deployment strategies is best for an organization that wants to run open-source workloads with other organizations that are sharing the cost?

Q141. Which of the following describes what CRUD is typically used for?

Q142. A cross-site request forgery vulnerability exploited a web application that was hosted in a public laaS network. A security engineer determined that deploying a WAF in blocking mode at a CDN would prevent the application from being exploited again. However, a week after implementing the WAF, the application was exploited again. Which of the following should the security engineer do to make the WAF control effective?

Q143. Which of the following is the most cost-effective and efficient strategy when migrating to the cloud?

Q144. An organization’s web application experiences penodic bursts of traffic when a new video is launched. Users are reporting poor performance in the middle of the month. Which of the following scaling approaches should the organization use to scale based on forecasted traffic?