Act now and download your EMC E20-020 test today! Do not waste time for the worthless EMC E20-020 tutorials. Download Up to date EMC Cloud Infrastructure Specialist Exam for Cloud Architects exam with real questions and answers and begin to learn EMC E20-020 with a classic professional.
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for EMC E20-020 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW E20-020 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/E20-020-exam-dumps.html
Q21. A cloud architect is designing a hybrid cloud for an organization. A requirement for this environment is that the private cloud user credential be trusted by both cloud provisioning APIs. Which type of authentication will meet this requirement?
A. Federated authentication
B. Asymmetric encryption
C. Symmetric encryption
D. Shared-key authentication
Answer: A
Explanation: A federated identity in information technology is the means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems.
Explanation: References:
https://en.wikipedia.org/wiki/Federated_identity
Q22. A cloud architect is evaluating an organization's need for encryption. Which type of encryption eliminates the requirement for key management?
A. Embedded
B. File-based
C. File system-based
D. Virtual disk
Answer: D
Explanation: The most convenient form of encryption is disk/volume encryption. If you have any data on an existing Virtual Machine (VM), you can easily add an encrypted disk or volume. Then, when you unmount the encrypted volume (or power off the server), as long as you don't store the encryption key on the server, your data is safe.
The drawback with this type of encryption however is that if your server gets compromised somehow, there is a possibility that the attacker could capture your passphrase/key (and/or data) the next time you mount the disk image. Incorrect:
Not C: Filesystem-level encryption, often called file/folder encryption, is a form of disk encryption where individual files or directories are encrypted by the file system itself. Each file can be and usually is encrypted with a separate encryption key.
Explanation: References:
https://www.cloudsigma.com/securing-your-data-in-the-cloud-with-encryption/
Q23. An organization wants to provide backup services in the cloud. They have no backup infrastructure in place. The organization has concerns about losing data if a site disaster occurs. They want to maintain control of backup data placement because of data privacy laws. Finally, they want to maintain at least one month's worth of backups onsite. Which backup solution will meet these requirements?
A. Local backup
B. Remote backups
C. Local backup with replication
D. Local backups with cloud gateway
Answer: D
Explanation: Cloud gateway allows EMC customers to move on-premise data from EMC arrays to public cloud storage providers. Clod gateway facilitate data migration from on-premises to a public cloud storage service to create a true hybrid cloud storage environment.
Cloud gateways such as Riverbed's SteelStore (formally known as Whitewater) can act as a local backup target for funneling data to a storage cloud for offsite storage.
Explanation: References:
http://blogs.forrester.com/henry_baltazar/14-07-09-gateways_will_accelerate_data_migration_to_the_cloud
Q24. What needs to be considered when designing a distributed storage solution?
A. Multiple management tools
B. Fault domain detection and isolation to ensure data availability
C. RAID configuration to ensure a drive failure is avoided
D. Automated storage tiering to enable efficient use of drive
Answer: B
Explanation: A distributed data store is a computer network where information is stored on more than one node, often in a replicated fashion. Distributed data stores typically use an error detection and correction technique. Some distributed data stores (such as Parchive over NNTP) use forward error correction techniques to recover the original file when parts of that file are damaged or unavailable. Others try again to download that file from a different mirror. Explanation:
References: https://en.wikipedia.org/wiki/Distributed_data_store
Q25. An organization wants to provide its developers with the ability to deploy virtual machines. These virtual machines have software and libraries installed that are used to develop applications. Each virtual machine will be configured with the same IP address and will be able to download application code from a central server. Which will be included in the design to support these requirements?
A. VSANs and virtual firewall appliances
B. VLANs and virtual firewall appliances
C. VLANs and virtual IDS appliances
D. VXLANs and an OS firewall
Answer: D
Explanation: Virtual Extensible LAN (VXLAN) is a proposed encapsulation protocol for running an overlay network on existing Layer 3 infrastructure. An overlay network is a virtual network that is built on top of existing network Layer 2 and Layer 3 technologies to support elastic compute architectures. VXLAN will make it easier for network engineers to scale out a cloud computing environment while logically isolating cloud apps and tenants.
Explanation: References:
http://whatis.techtarget.com/definition/VXLAN
Q26. An organization wants to deploy SaaS applications in their cloud. The SaaS applications will be using application HA to maintain up-time levels of 99.9%.
What should the cloud architect include in the design to support this up-time requirement?
A. Sufficient host capacity
B. Quorum disks
C. Replication licenses for hypervisors
D. HA licenses for hypervisors
Answer: D
Q27. A cloud architect has determined that the cloud management infrastructure requires an authentication and PKI environment. In addition, each tenant will require its own authentication and PKI environment. What describes these separate environments in a cloud design document?
A. Availability zones
B. Fault domains
C. Multi-tenancy
D. Trust zones
Answer: C
Explanation: The term "software multitenancy" refers to a software architecture in which a single instance of software runs on a server and serves multiple tenants. A tenant is a group of users who share a common access with specific privileges to the software instance.
Incorrect:
Not A: Availability zones (AZs) are isolated locations within data center regions from which public cloud services originate and operate.
Not B: A fault domain is a set of hardware components - computers, switches, and more - that share a single point of failure.
Not D: Zones of trust are a defined area of the system where by by necessity, by the presence of key information assets and by the wider environmental context the connections within the zone are treated as at the same level of trust. This effectively couples the components within that subsystem for security purposes.
References:
https://en.wikipedia.org/wiki/Multitenancy
Q28. Which aspect of the project definition does the cloud design scope provide?
A. Broad directions for the project
B. Boundaries of what the project should and should not include
C. Sales figures that must be met when designing the project
D. Specific features or functions that must be included in the project
Answer: D
Q29. An organization plans to build a cloud using some of the existing data center infrastructure. Specifically, they want to use the existing FC storage infrastructure to support cloud hosts. However, they want to logically separate the cloud storage traffic from the existing data center storage traffic within this infrastructure. Which mechanism can be used to meet this requirement?
A. MPIO
B. VLAN
C. VSAN
D. Masking
Answer: D
Explanation: The use of VSANs allows the isolation of traffic within specific portions of the network. If a problem occurs in one VSAN, that problem can be handled with a minimum of disruption to the rest of the network. VSANs can also be configured separately and independently.
Note: Virtual storage area network (VSAN) is a collection of ports from a set of connected Fibre Channel switches, that form a virtual fabric. Ports within a single switch can be partitioned into multiple VSANs, despite sharing hardware resources. Conversely, multiple switches can join a number of ports to form a single VSAN.
Incorrect:
Not A: Microsoft Multipath I/O (MPIO) is a Microsoft-provided framework that allows storage providers to develop multipath solutions that contain the hardware-specific information needed to optimize connectivity with their storage arrays.
MPIO is protocol-independent and can be used with Fibre Channel, Internet SCSI (iSCSI), and Serial Attached SCSI (SAS) interfaces in Windows Server® 2008, Windows Server 2008 R2 and Windows Server 2012.
Not D: Logical Unit Number Masking or LUN masking is an authorization process that makes a Logical Unit Number available to some hosts and unavailable to other hosts. LUN masking operates at Layer 4 of the Fibre Channel protocol.
Reference: https://en.wikipedia.org/wiki/VSAN
Q30. A cloud architect is evaluating an organization's need to support thousands of virtual machine instances and some form of encryption. Which encryption type should be selected and why?
A. Storage array encryption to provide centralized management
B. Full file systems encryption to simplify key management
C. Network-based encryption to increase security at the cost of server overhead
D. Self-encrypting storage devices to increase security at the cost of increased overhead
Answer: B