(DNSSEC); Network time protocol (NTP); Network time security (NTS); Encryption; IPSec; Transport layer security (TLS); Hypertext transfer protocol secure (HTTPS); Tunneling; Secure Shell (SSH); Layer 2 tunneling protocol (L2TP)/Point-to-point tunneling protocol (PPTP); Generic routing encapsulation (GRE); Network services; Firewalls; Stateful; Stateless; Web application firewall (WAF); Application delivery controller (ADC); Intrusion protection system (IPS)/Intrusion detection system (IDS); Data loss prevention (DLP); Network access control (NAC); Packet brokers; Log and event monitoring; Network flows; Hardening and configuration changes; Disabling unnecessary ports and services; Disabling weak protocols and ciphers; Firmware upgrades; Control ingress and egress traffic; Whitelisting or blacklisting; Proxy servers; Distributed denial of service (DDoS) protection
3.0 Deployment
Exam Objective | Chapters |
3.1 Given a scenario, integrate components into a cloud solution. Subscription services; File subscriptions; Communications; Email; Voice over IP (VoIP); Messaging; Collaboration; Virtual desktop infrastructure (VDI); Directory and identity services; Cloud resources; IaaS; PaaS; SaaS; Provisioning resources; Compute; Storage; Network; Application; Serverless; Deploying virtual machines (VMs) and custom images; Templates; OS templates; Solution templates; Identity management; Containers; Configure variables; Configure secrets; Persistent storage; Auto-scaling; Post-deployment validation | 1, 2, 7, 8 |
3.2 Given a scenario, provision storage in cloud environments. Types; Block; Storage area network (SAN); Zoning; File; Network attached storage (NAS); Object; Tenants; Buckets; Tiers; Flash; Hybrid; Spinning disks; Long-term; Input/output operations per second (IOPS) and read/write; Protocols; Network file system (NFS); Common Internet file system (CIFS); Internet small computer system interface (iSCSI); Fibre Channel (FC); Non-volatile memory express over fabrics (NVMe-oF); Redundant array of inexpensive disks (RAID); 0; 1; 5; 6; 10; Storage system features; Compression; Deduplication; Thin provisioning; Thick provisioning; Replication; User quotas; Hyperconverged; Software-defined storage (SDS) | 2 |
3.3 Given a scenario, deploy cloud networking solutions. Services; Dynamic host configuration protocol (DHCP); NTP; DNS; Content delivery network (CDN); IP address management (IPAM); Virtual private networks (VPNs); Site-to-site; Point-to-point; Point-to-site; IPSec; Multiprotocol label switching (MPLS); Virtual routing; Dynamic and static routing; Virtual network interface controller (vNIC); Subnetting; Network appliances; Load balancers; Firewalls; Virtual private cloud (VPC); Hub and spoke; Peering; VLAN/VXLAN/GENEVE; Single root input/output virtualization (SR-IOV); Software-defined network (SDN) | 2 |
3.4 Given a scenario, configure the appropriate compute sizing for a deployment. Virtualization; Hypervisors; Type 1; Type 2; Simultaneous multi-threading (SMT); Dynamic allocations; Oversubscription; Central processing unit (CPU)/virtual CPU (vCPU); Graphics processing unit (GPU); Virtual; Shared; Pass-through; Clock speed/Instructions per cycle (IPC); Hyperconverged; Memory; Dynamic allocation; Ballooning | 2 |
3.5 Given a scenario, perform cloud migrations. Physical to virtual (P2V); Virtual to virtual (V2V); Cloud-to-cloud migrations; Vendor lock-in; PaaS or SaaS migrations; Access control lists (ACLs); Firewalls; Storage migrations; Block; File; Object; Database migrations; Cross-service migrations; Relational; Non-relational | 2 |
4.0 Operations and Support
Exam Objective | Chapters |
4.1 Given a scenario, configure logging, monitoring, and alerting to maintain operational status. Logging; Collectors; Simple network management protocol (SNMP); Syslog; Analysis; Severity categorization; Audits; Types; Access/authentication; System; Application; Automation; Trending; Monitoring; Baselines; Thresholds; Tagging; Log scrubbing; Performance monitoring; Application; Infrastructure components; Resource utilization; Availability; SLA-defined uptime requirements; Verification of continuous monitoring activities; Service management tool integration; Alerting; Common messaging methods; Enable/disable alerts; Maintenance mode; Appropriate responses; Policies for categorizing and communicating alerts | 1, 7, |