Knowledge Check - Best-Practice Architecture

Test your understanding of the key concepts from Module 8. Select the best answer for each question, then submit to see your results. You need to score at least 60% to pass.

1.

A FinCorp tier must scale out automatically under variable load. An architect configures a VM Auto Scaling group with a scale-out threshold at 70% CPU and a scale-in threshold at 50% CPU, expecting the 20-point band to hold the group steady. The platform rejects the policy. Which rule has been violated, and what is the correct design principle?

2.

An architect has produced a functionally complete design for FinCorp's regulated containerised processing, running it on Managed Kubernetes, and now applies the sovereignty and attestation filter. The workload contractually requires BSI C5 coverage. What does the filter reveal, and what is the correct conclusion?

3.

In the reference architecture, the request path is deliberately layered: a public balancer at the edge and a private balancer in front of the data tier. An engineer proposes a single Layer 4 NLB at both positions to standardise, and proposes wrapping each managed balancer in a Network Security Group for filtering. Why does the reference design reject both proposals?

4.

The capstone build stitches the per-module pieces into one VDC. A team provisions resources in this order: they create the private Layer 4 NLB, then the data-tier servers it should serve, then a NAT Gateway, and they expect private workloads to reach the internet as soon as the NAT Gateway exists. Which assessment of their sequence is correct?

5.

FinCorp's auditor asks the architect to show, service by service, which BSI recognition covers each component of the deployed design. The architect must answer precisely rather than claiming the platform is certified. Which statement reflects the correct service-by-service compliance mapping?