A cloud engineer deployed an email server in a public cloud. Users can access the email server, but the emails they send cannot reach their destinations. Which of the following should the cloud engineer do FIRST?

A. Confirm the email server configuration and reinstall the email server software.

B. Validate the security certificate for the email domain.

C. Confirm email encryption service.

D. Consult the cloud vendor's anti-spam policy.

The CSA needs to install a patch on 58 virtual server instances during the Friday evening maintenance window. Which of the following is the MOST efficient way to get the patches installed?

A. Use the patch management tool to automate and orchestrate the patch installation.

B. Use a security vulnerability scanning tool to apply the patch automatically.

C. Schedule the patch to install from a remote file server upon server reboot.

D. Connect the server instances to the Internet to download the patch automatically.

The legal department requires eDiscovery of hosted file shares. To set up access, which of the following is the BEST method to ensure the eDiscovery analyst only has the ability to search but not change configuration or settings?

A. PKI

B. SSO

C. MFA

D. RBAC

A cloud administrator is receiving alerts that the disk on several systems is 90% full. Upon reviewing the systems, the administrator determines that the log directory is using 50% of the disk. The company has a 14-day retention policy for all logs. Which of the following is the BEST solution to implement to minimize future alerts?

A. Orchestrate a job to rotate the logs and upload to external storage.

B. Delete any log files in the directory that are larger than 20MB.

C. Archive the existing logs in the directory and upload to external storage.

D. Add additional storage space to the log directory for the servers.

Several suspicious emails are being reported from end users. Organizational email is hosted by a SaaS provider. Upon investigation, the URL in the email links to a phishing site where users are prompted to enter their domain credentials to reset their passwords. Which of the following should the cloud administrator do to protect potential account compromise?

A. Forward the email to the systems team distribution list and provide the compromised user list.

B. Click on the URL link to verify the website and enter false domain credentials.

C. Change the encryption key for the entire organization and lock out all users from using email until the issue is remediated.

D. Notify users who received the email to reset their passwords regardless of whether they click on the URL.

Several SaaS providers support identity federation for authentication. Which of the following would BEST assist in enabling federation?

A. SAML

B. NTLM

C. MFA

D. PKI

The CASB report indicates several unsanctioned SaaS applications are being used in an organization. Which of the following is the MOST likely cause?

A. VPN bypass

B. Shadow IT

C. Web proxy bypass

D. CAB approval

Which of the following protocols allows fibre channel to be transmitted over the network?

A. HBA

B. FCoE

C. NFS

D. iSCSI

Which of the following would MOST likely require a cold migration?

A. Moving VMs between hosts on different continents

B. Moving VMs between hosts with different RAM configurations

C. Moving VMs between hosts with different CPU architectures

D. Moving VMs between hosts in different network segments

A new cloud infrastructure needs to meet the following requirements:

1.

Resources are accessible to internal and external clients.

2.

Existing hardware assets are utilized.

3.

Security controls are managed by company employees.

Which of the following deployment models BEST fit these requirements?

A. Public cloud using IPS

B. Community cloud with IDS

C. Private cloud with a DMZ

D. Public cloud using PaaS