Knowledge Check - Platform Architecture Overview
Test your understanding of the key concepts from Module 1. Select the best answer for each question, then submit to see your results. You need to score at least 60% to pass.
A solutions architect is onboarding to IONOS and needs the correct mental model for the platform. A colleague refers to "the Data Center Designer" and "a Virtual Data Center" interchangeably. How should the architect correct this conflation?
The Data Center Designer is the graphical control surface (how you create and manage resources), whereas a Virtual Data Center is the organising boundary where resources reside, and it is pinned to a single region. Treating them as the same thing hides the fact that VDC placement fixes region, segmentation, and the shared network in one near-permanent decision.
FinCorp is designing a customer-facing regulated application. The architect wants the default IONOS enterprise shape so that the relational database is never reachable from the internet. Which topology should be the starting point?
The canonical shape narrows trust from a public L7 ALB to a stateless compute tier to a private L4 NLB to a private-only data tier, so the database has no public interface at all. The distractors either expose the data tier or rely on a security group to protect a managed balancer, which is impossible because NSGs and NIC firewalls do not bind to the managed ALB or NLB.
An architect notes that IONOS firewalls and Network Security Groups bind to server NICs at the VDC level and do not apply to the Managed ALB, the Managed NLB, or the Kubernetes cluster abstraction. What design conclusion follows?
Since the managed balancers and the cluster abstraction cannot be protected by NIC firewalls or NSGs, the network tier a resource sits in is what determines its exposure, making segmentation the primary control. A LAN is private until explicitly connected to the internet, so leaving the data tier on a private LAN is the correct, low-effort isolation.
FinCorp's relational workload is read-heavy and the team asks the architect to provision read replicas, as they would on a hyperscaler. IONOS managed databases offer no read replicas. What is the correct native approach?
The native substitution for read replicas is a cache plus connection pooling: the cache absorbs read-heavy traffic and the pooler keeps the connection count within the database's RAM-derived ceiling. The platform composes this capability from primitives rather than selling a managed read-replica feature, and there is no managed change-data-capture stream off the databases to repurpose.
FinCorp must guarantee that no foreign jurisdiction can compel disclosure of its data, and its auditors will scrutinise every compliance claim. Which statement reflects the correct, defensible position?
Legal sovereignty is a property of operator jurisdiction, so an EU region of a US-operated provider still carries CLOUD Act exposure, whereas IONOS is EU-operated. C5 is an attestation and IT-Grundschutz is a certification, their service scopes differ (Cubes is in C5 but not IT-Grundschutz; Backup and Managed Kubernetes are in IT-Grundschutz but not C5), so a claim must name the service, credential, type, and date rather than generalising to the whole platform.