A large marketing company is in the initial stages of assessing their suitability for ITaaS. You, the
cloud architect, interview the IT personnel and discover the following:
The company does not maintain a CMDB of their virtual server environment.
Security software to protect the network from unauthorized external access is inadequate.
Standardized services offering, self-service provisioning, and consumption-based reporting
capabilities do not exist.
Where would you document your findings?

You are a cloud consultant recently assigned to help an international pharmaceutical manufacturer
implement ITaaS. The company has a well-staffed, highly technical IT organization.
There are concerns that implementing ITaaS will be met with resistance, because the IT group
may feel that their job security is threatened.
You are seeking an individual within the organization to fill the role of Executive Sponsor for the
ITaaS transformation project. Which individual would be the best candidate to fill this role?

An IT security team is concerned about the authentication traffic patterns that may be required to
integrate the private and public clouds. As a result, IT has elected to federate their active directory
using ADFS from the private cloud to the public cloud.
One of the design decisions is whether to use a Layer 2, 3, or 7 firewall / switch mechanism
between the public and private clouds. There are trade-offs with each choice.
Which network layer would best address this situation, and why?

An organization is expanding its private cloud to a hybrid deployment to accommodate growth in
its web / database application. The CIO is concerned about the security risks associated with the
public cloud. They do not view firewall security as adequate to protect important company data.
Encryption is being considered as a security measure.
As the cloud architect, what would you recommend?

A company has deployed a fully operational, private PaaS service. The service catalog links to an
orchestration engine that builds servers automatically.
What is the primary reason the IT security risk team is proposing the use of strong authentication
for all service catalog users?

A marketing company is using a Customer Relationship Management SaaS. The SaaS provider
has deployed hardware load balancers to distribute users between application servers. User login
states are preserved in the load balancer. Subsequent login requests direct each user to the same
application server. If the server is unavailable or too busy, the user cannot log on.
Although the company is very happy with the SaaS cost savings they are unhappy with application
availability. To improve application scalability the SaaS provider added new servers to the
environment. Users, however, are still experiencing the same problem.
Which service characteristic should the SaaS provider implement to improve the user log-on
reliability and scale application performance?

The first phase of new ITaaS service introduces the offering to 10% of the engineering
organization. The IT organization leverages the management tools used in their traditional data
center processes to provide visibility into silos and control of the infrastructure. They also have
adapted some ITSM concepts as a framework for their management practices.
During the initial phase of the service deployment, a problem was encountered in one of the VMs.
The IT organization is concerned about the extensive amount of time and resources spent
determining the cause of the issue.

As a consultant, what should you recommend to prevent these types of service issues?

A public cloud service provider has stated they intend to improve their IT capabilities in the
following areas:
1 – Monitor storage usage patterns and identify bottlenecks
2 – More comprehensive element management
3 – Holistic visibility across their storage services
4 – VMware provisioning
5 – Identifying opportunities to move data to more cost effective storage
Which three areas is ProSphere best suited to address?

A bank is building a private cloud. They plan to offer services to customers and administrative
staff. Each group has access to different levels of sensitive data with different performance
characteristics. In addition, the bank must comply with PCI regulations when handling certain

types of data on a small number of services.
What should a cloud architect recommend to the bank during the cloud design phase?

A startup company is transitioning from a public cloud to a private cloud environment. As a first
step, they will transition to a hybrid cloud model.
What is the best option for an interim single sign-on solution that can also be leveraged once the
private cloud is fully implemented?