We provide real E20-020 exam questions and answers braindumps in two formats. Download PDF & Practice Tests. Pass EMC E20-020 Exam quickly & easily. The E20-020 PDF type is available for reading and printing. You can print more and practice many times. With the help of our EMC E20-020 dumps pdf and vce product and material, you can easily pass the E20-020 exam.


♥♥ 2021 NEW RECOMMEND ♥♥

Free VCE & PDF File for EMC E20-020 Real Exam (Full Version!)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW E20-020 Exam Dumps (PDF & VCE):
Available on: http://www.surepassexam.com/E20-020-exam-dumps.html

Q1. In a cloud design, an architect has defined a separate trust zone for host management. The hosts will be running open source hypervisors.

What should be included in the design deliverables to support this separate trust zone?

A. Isolated management network and a common super-user account

B. Separate PKI and encrypted CMI portal access

C. Separate authentication source and a preferred zone set

D. Isolated management network and a separate authentication source

Answer:


Q2. Which categories of network traffic should be isolated from inter-host communication and each other?

A. Logging and messaging

B. Cloud services and administration

C. Administration and storage

D. Messaging and storage

Answer: B


Q3. A cloud architect is designing a hybrid cloud for an organization. A requirement for this environment is that the private cloud user credential be trusted by both cloud provisioning APIs. Which type of authentication will meet this requirement?

A. Federated authentication

B. Asymmetric encryption

C. Symmetric encryption

D. Shared-key authentication

Answer: A

Explanation: A federated identity in information technology is the means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems.

Explanation: References:

https://en.wikipedia.org/wiki/Federated_identity


Q4. Which additional considerations must a cloud monitoring system address compared to a traditional monitoring system?

A. Tenant isolation, orchestration, and elastic workloads

B. Orchestration, elastic workloads, and Data at Rest security

C. Elastic workloads, Data at Rest security, and tenant isolation

D. Data at Rest security, tenant isolation, and orchestration

Answer: C

Explanation: * Encrypt data-at-rest

Encryption is your front-line defense for defending data-at-rest. It limits access to those with the right keys - locking out anyone who doesn't have them.


Q5. An organization plans to deploy many cloud-native applications that will generate a considerable amount of east-west traffic. The cloud-native applications will be deployed on hosts running hyppervisors. Why would distributed routers be considered in this design?

A. Enable network segment

B. Improve network performance between hosts

C. Minimize Internet traffic

D. Protect against a physical router failure

Answer: B

Explanation: Distributed Virtual Router (DVR) aims to isolate the failure domain of the traditional network node and to optimize network traffic by eliminating the centralized L3 agent. It does that by moving most of the routing previously performed on the network node to the compute nodes.

* East/west traffic (Traffic between different networks in the same tenant, for example between different tiers of your app) previously all went through one of your network nodes whereas with DVR it will bypass the network node, going directly between the compute nodes hosting the VMs. Etc. Explanation:

References:

http://assafmuller.com/2015/04/15/distributed-virtual-routing-overview-and-eastwest-routing/


Q6. A cloud architect is designing a private cloud for an organization. The organization has no existing backup infrastructure. They want to offer consumers the ability to backup virtual machine instances using image-based backups.

What should the cloud architect look for when selecting a backup application for this environment?

A. Virtual machine hardware is on the backup application vendor's compatibility list

B. Hypervisor servers' hardware is on the backup application vendor's compatibility list

C. Backup application can be integrated with the selected CMP components

D. Backup application supports a cloud gateway for accessing the cloud-based virtual machines

Answer: D

Explanation: A cloud storage gateway provides basic protocol translation and simple connectivity to allow the incompatible technologies to communicate transparently. The gateway can make cloud storage appear to be a NAS filer, a block storage array, a backup target or even an extension of the application itself.

Explanation: References:

http://searchcloudstorage.techtarget.com/definition/cloud-storage-gateway


Q7. You are designing consumer compute resources in an onsite private cloud. During an assessment, you discover that the organization's IT staff wants secure access to the underlying host OS. What should be included in the design to support this requirement?

A. Host IDS configurationSecure key infrastructure Bridged management network

B. Perimeter firewall configuration VPN encryption Separate management network

C. Host OS firewall configuration Central logging Physically isolated management network

D. Host OS firewall configuration Secure key infrastructure Separate management network

Answer: B


Q8. An organization plans to build a cloud using some of the existing data center infrastructure. Specifically, they want to use the existing FC storage infrastructure to support cloud hosts. However, they want to logically separate the cloud storage traffic from the existing data center storage traffic within this infrastructure. Which mechanism can be used to meet this requirement?

A. MPIO

B. VLAN

C. VSAN

D. Masking

Answer: D

Explanation: The use of VSANs allows the isolation of traffic within specific portions of the network. If a problem occurs in one VSAN, that problem can be handled with a minimum of disruption to the rest of the network. VSANs can also be configured separately and independently.

Note: Virtual storage area network (VSAN) is a collection of ports from a set of connected Fibre Channel switches, that form a virtual fabric. Ports within a single switch can be partitioned into multiple VSANs, despite sharing hardware resources. Conversely, multiple switches can join a number of ports to form a single VSAN.

Incorrect:

Not A: Microsoft Multipath I/O (MPIO) is a Microsoft-provided framework that allows storage providers to develop multipath solutions that contain the hardware-specific information needed to optimize connectivity with their storage arrays.

MPIO is protocol-independent and can be used with Fibre Channel, Internet SCSI (iSCSI), and Serial Attached SCSI (SAS) interfaces in Windows Server® 2008, Windows Server 2008 R2 and Windows Server 2012.

Not D: Logical Unit Number Masking or LUN masking is an authorization process that makes a Logical Unit Number available to some hosts and unavailable to other hosts. LUN masking operates at Layer 4 of the Fibre Channel protocol.

Reference: https://en.wikipedia.org/wiki/VSAN


Q9. After developing prototype applications in the public cloud, developers determined that they want softwaredefined network functionality. Which ability will this requirement provide for the developers?

A. Programmatically provision an IPsec VPN tunnel between the public and private clouds

B. Programmatically migrate layer-3 access from aggregate to access switches

C. Programmatically control physical core network topologies

D. Programmatically provision physical network segments and services

Answer: D

Explanation: Software-defined networking (SDN) is an approach to computer networking that allows network administrators to manage network services through abstraction of higher-level functionality. This is done by decoupling the system that makes decisions about where traffic is sent (the control plane) from the underlying systems that forward traffic to the selected destination (the data plane).

Reference: https://en.wikipedia.org/wiki/Software-defined_networking


Q10. What is a benefit of a service catalog?

A. Handles every IT request simultaneously

B. Allows users to customize tenant roles

C. Services do not have to meet the standards set by the business

D. Enables the application of quotas on resources to control cost

Answer: D