Question 2 of 30 from exam CV0-002: CompTIA Cloud+

Question

SIMULATION - A company has decided to scale its e-commerce application from its corporate datacenter to a commercial cloud provider to meet an anticipated increase in demand during an upcoming holiday.

The majority of the application load takes place on the application server under normal conditions.

For this reason, the company decides to deploy additional application servers into a commercial cloud provider using the on-premises orchestration engine that installs and configures common software and network configurations.

The remote computing environment is connected to the on-premises datacenter via a site-to-site IPSec tunnel.

The external DNS provider has been configured to use weighted round-robin routing to load balance connections from the Internet.

During testing, the company discovers that only 20% of connections completed successfully.

Review the network architecture and supporting documents and fulfill these requirements:

Part 1:

1. Analyze the configuration of the following components: DNS, Firewall1, Firewall2, Router1, Router2, VPN and Orchestrator Server.

2. Identify the problematic device(s).

Part 2:

3. Identify the correct options to provide adequate configuration for hybrid cloud architecture.

Instructions: If at any time you would like to bring back the initial state of the simulation, please select the Reset button.

When you have completed the simulation, please select the Done button to submit.

Once the simulation is submitted, please select the Next button to continue.

Simulation -

PART 1

Instruction: Click on each device to review more information of DNS, Firewall1, Firewall2, Router1, Router2, VPN and Orchestration Server.

[Network diagram. Labels: DNS Provider, Firewall1, Firewall2, Site-to-Site IPSec Tunnel, Router1, Router2, Load Balancer, networks 10.1.1.0/24 and 10.1.2.0/24, Orchestration Server, Application Server, Database Server, Application Server Cluster.]

Firewall1 Configuration

Source    Destination    Port
any       [illegible]    80, 443
(remaining rows illegible)

Router1 Configuration

Public IP: 1.4.4.1
Internal IP: 10.1.1.1/24

Site-to-Site VPN Configuration
Address Space: [illegible]
Subnet: 255.255.255.0
PSK: Cloud001
IKE: SHA1/AES256/DH2/SA Lifetime: 28800

DNS Provider

Name                 Type     Value                Weight
www.mycorp.com       CNAME    onprem.mycorp.com    20%
www.mycorp.com       CNAME    cloud.mycorp.com     80%
onprem.mycorp.com    A        [illegible]          -
cloud.mycorp.com     A        2.2.2.2              -

Firewall2 Configuration

Source         Destination    Port
any            2.2.2.2        80, 443
10.1.2.0/24    any            any
any            any            deny

Router2 Configuration

Public IP: 2.2.2.2
Internal IP: 10.1.2.1/24

Site-to-Site VPN Configuration
Address Space: 10.1.1.0/24
Subnet: 255.255.255.0
PSK: Cloud002
IKE: SHA1/AES256/DH2/SA Lifetime: 28800

VPN

Site-to-Site VPN Configuration
PSK: Cloud001
IKE: SHA1/AES256/DH2/SA Lifetime: 28800

Orchestration Server

Name: Basic Server
Network: 10.1.1.0/24

Name: Cloud Server
Network: 10.1.2.0/24

Name: Application Server
Baseline: Basic_Server
Type: Webserver

(remaining entries illegible)
PART 2

Only select a maximum of TWO options from the multiple choice question.

- Deploy a Replica of the Database Server in the Cloud Provider.
- Update the PSK (Pre-shared key) in Router 2.
- Update the A record on the DNS from 2.2.2.2 to 1.1.1.1.
- Promote deny All to allow All in Firewall 1 and Firewall 2.
- Change the Address Space on Router 2.
- Change internal IP Address of Router 1.
- Reverse the Weight property in the two CNAME records on the DNS.
- Add the Application Server at on-premises to the Load Balancer.

Explanations

See the solution below.

Part 1: Router 2 is the problem and should be selected. If you examine the pre-shared key used for the VPN, you will see that Router 2 is not configured with the correct key: it is using Cloud002 while Router 1 is using Cloud001.

Part 2: Select these two options:

- Update the PSK (Pre-shared key) in Router 2.
- Add the Application Server at on-premises to the Load Balancer.
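
The check behind Part 1, as an added example that is not part of the original question or its answer key: it compares the two routers' site-to-site VPN settings using the PSK and IKE values shown in the exhibits, then relates the result to the DNS weights. The IKE field names and the assumption that requests routed to the cloud site only complete while the tunnel is up are introduced here for illustration.

```python
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class VpnPeer:
    name: str
    psk: str   # pre-shared key as shown in the exhibit
    ike: str   # IKE proposal string as shown in the exhibit

# Values taken from the page's exhibits and explanation.
ROUTER1 = VpnPeer("Router1", "Cloud001", "SHA1/AES256/DH2/SA Lifetime: 28800")
ROUTER2 = VpnPeer("Router2", "Cloud002", "SHA1/AES256/DH2/SA Lifetime: 28800")

# Weights of the two CNAME records for www.mycorp.com (DNS exhibit).
DNS_WEIGHTS = {"onprem": 20, "cloud": 80}

# Assumed names for the four slash-separated parts of the IKE string.
IKE_FIELDS = ("hash", "cipher", "dh_group", "sa_lifetime")

def tunnel_mismatches(a, b):
    """Return the names of the settings on which two peers disagree.

    Only field names are reported, so the keys never reach a log.
    """
    issues = []
    if not hmac.compare_digest(a.psk.encode(), b.psk.encode()):
        issues.append("psk")
    parts_a = [p.strip() for p in a.ike.split("/")]
    parts_b = [p.strip() for p in b.ike.split("/")]
    if len(parts_a) != len(parts_b):
        issues.append("ike_format")
    for field, x, y in zip(IKE_FIELDS, parts_a, parts_b):
        if x != y:
            issues.append(field)
    return issues

def expected_success(weights, tunnel_up, needs_tunnel=("cloud",)):
    """Fraction of DNS-routed connections expected to complete.

    Assumption: sites listed in needs_tunnel fail while the tunnel is down.
    """
    total = sum(weights.values())
    ok = sum(w for site, w in weights.items()
             if tunnel_up or site not in needs_tunnel)
    return ok / total

if __name__ == "__main__":
    issues = tunnel_mismatches(ROUTER1, ROUTER2)
    print("mismatched settings:", issues)
    print("expected success:", expected_success(DNS_WEIGHTS, not issues))
```

With the exhibit values, the only mismatch is the PSK, and the modelled success rate equals the 20% weight of the on-premises record, matching the test result in the question.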