P
PRRE
EMM II U
UMM SS TT U
UDDY
Y M
MAA TT E
ERR II A
A LL SS STUDY COLLECTION: 2025
COHESITY DATA PROTECTION ASSOCIATE EXAM
2025/2026 – VERIFIED QUESTIONS WITH DETAILED
CORRECT ANSWERS
WHAT'S INSIDE:
Latest 2025/2026 Questions
Verified Correct Answers Highlighted for Easy Learning
Detailed Explanations & Rationales for Better Understanding
Proven to Boost Grades and Exam Confidence
Covers All Essential Topics and Core Concepts
Perfect for Quick Revision and Last-Minute Review
Question 1
A financial services company runs a Cohesity cluster of three nodes and needs to guarantee that any single node
failure will not cause data loss. Which configuration attribute ensures this level of protection?
A. Three-way replication
B. Erasure coding with a 2+1 parity scheme
C. Snapshot mirroring across two clusters
D. RAID‑5 on each node's local disks
Correct Answer
Erasure coding with a 2+1 parity scheme
Rationale:
Erasure coding with two data and one parity chunk tolerates one node loss while preserving data integrity, matching the required
protection level.
,Question 2
During a routine audit, a security officer discovers that Cohesity agents are communicating over unencrypted HTTP.
Which immediate action restores compliance with data‑in‑motion encryption standards?
A. Disable the agents and use manual file copies
B. Re‑configure agents to use HTTPS with a trusted certificate
C. Upgrade the agents to the latest version without changing protocols
D. Enable VPN tunneling between agents and the cluster
Correct Answer
Re‑configure agents to use HTTPS with a trusted certificate
Rationale:
Switching agents to HTTPS encrypts traffic, meeting encryption‑in‑transit requirements without altering backup architecture.
Question 3
An enterprise wants to retain immutable backups for 45 days to satisfy ransomware‑protection policies. Which
Cohesity feature should be enabled, and what is the minimum retention period it supports?
A. DataLock with a 30‑day minimum
B. Immutable Snapshots with a 7‑day minimum
C. Write‑once Read‑many (WORM) mode with a 60‑day minimum
D. DataLock with a 90‑day minimum
Correct Answer
DataLock with a 30‑day minimum
Rationale:
DataLock provides immutability and enforces a minimum retention of 30 days, satisfying the 45‑day requirement when configured
accordingly.
Question 4
A global retailer plans to archive cold data to Azure Blob Storage using Cohesity CloudTier. Which policy setting
determines the threshold at which data is moved from primary storage to the cloud tier?
A. Retention period
B. Access frequency tier
C. Capacity utilization percentage
D. Data age in days
Correct Answer
Data age in days
Rationale:
CloudTier uses data age to decide when objects become cold and should be tiered to Azure, aligning with archival strategies.
,Question 5
A backup job for a Microsoft SQL Server database fails with error code 0x80070005. Which root cause is most likely,
and what is the recommended remediation?
A. Insufficient disk space on the target node; add more capacity
B. SQL Server service account lacks read permissions; grant the account appropriate rights
C. Network latency exceeds thresholds; increase timeout values
D. Snapshot quota exceeded; increase the quota limit
Correct Answer
SQL Server service account lacks read permissions; grant the account appropriate
rights
Rationale:
Error 0x80070005 indicates access denied, typically due to inadequate permissions for the backup service account.
Question 6
A healthcare organization must ensure that all backup data complies with HIPAA encryption standards. Which
combination of settings fulfills both at‑rest and in‑transit encryption requirements?
A. Enable AES‑256 encryption on disks and configure agents to use HTTPS
B. Activate DataLock and use SMB3 for agent communication
C. Turn on compression only; encryption is not needed for HIPAA
D. Use NFS for data transfer and rely on underlying storage encryption
Correct Answer
Enable AES‑256 encryption on disks and configure agents to use HTTPS
Rationale:
AES‑256 satisfies HIPAA at‑rest encryption, while HTTPS secures data in transit, meeting the full compliance mandate.
, Question 7
During a multi‑cloud disaster‑recovery drill, a Cohesity cluster replicates data to both AWS S3 and Google Cloud
Storage. Which metric should be monitored to ensure replication latency stays within the defined RPO of 2 hours?
A. Average backup window duration
B. Replication lag time per bucket
C. Snapshot creation frequency
D. Deduplication ratio per site
Correct Answer
Replication lag time per bucket
Rationale:
Replication lag directly measures the delay between source and target, indicating whether the 2‑hour RPO is being met.
Question 8
A data‑engineer wants to script the creation of a Protection Group for Kubernetes Persistent Volumes using the
Cohesity REST API. Which endpoint is most appropriate for this task?
A. /v2/backup/jobs
B. /v2/protection-groups
C. /v2/kubernetes/volumes
D. /v2/cluster/nodes
Correct Answer
/v2/protection-groups
Rationale:
The /v2/protection-groups endpoint handles creation and management of protection groups, including Kubernetes workloads.
Question 9
An organization adopts a policy of performing Instant Mass Restore for virtual machines during a ransomware
event. Which underlying Cohesity capability enables this rapid recovery?
A. SpanFS global namespace
B. Snapshot cloning with zero‑copy architecture
C. DataLock immutable snapshots
D. Helios global job orchestration
Correct Answer
Snapshot cloning with zero‑copy architecture
Rationale:
Zero‑copy snapshot cloning allows instant access to data without materializing full copies, enabling rapid mass VM restoration.
PRRE
EMM II U
UMM SS TT U
UDDY
Y M
MAA TT E
ERR II A
A LL SS STUDY COLLECTION: 2025
COHESITY DATA PROTECTION ASSOCIATE EXAM
2025/2026 – VERIFIED QUESTIONS WITH DETAILED
CORRECT ANSWERS
WHAT'S INSIDE:
Latest 2025/2026 Questions
Verified Correct Answers Highlighted for Easy Learning
Detailed Explanations & Rationales for Better Understanding
Proven to Boost Grades and Exam Confidence
Covers All Essential Topics and Core Concepts
Perfect for Quick Revision and Last-Minute Review
Question 1
A financial services company runs a Cohesity cluster of three nodes and needs to guarantee that any single node
failure will not cause data loss. Which configuration attribute ensures this level of protection?
A. Three-way replication
B. Erasure coding with a 2+1 parity scheme
C. Snapshot mirroring across two clusters
D. RAID‑5 on each node's local disks
Correct Answer
Erasure coding with a 2+1 parity scheme
Rationale:
Erasure coding with two data and one parity chunk tolerates one node loss while preserving data integrity, matching the required
protection level.
,Question 2
During a routine audit, a security officer discovers that Cohesity agents are communicating over unencrypted HTTP.
Which immediate action restores compliance with data‑in‑motion encryption standards?
A. Disable the agents and use manual file copies
B. Re‑configure agents to use HTTPS with a trusted certificate
C. Upgrade the agents to the latest version without changing protocols
D. Enable VPN tunneling between agents and the cluster
Correct Answer
Re‑configure agents to use HTTPS with a trusted certificate
Rationale:
Switching agents to HTTPS encrypts traffic, meeting encryption‑in‑transit requirements without altering backup architecture.
Question 3
An enterprise wants to retain immutable backups for 45 days to satisfy ransomware‑protection policies. Which
Cohesity feature should be enabled, and what is the minimum retention period it supports?
A. DataLock with a 30‑day minimum
B. Immutable Snapshots with a 7‑day minimum
C. Write‑once Read‑many (WORM) mode with a 60‑day minimum
D. DataLock with a 90‑day minimum
Correct Answer
DataLock with a 30‑day minimum
Rationale:
DataLock provides immutability and enforces a minimum retention of 30 days, satisfying the 45‑day requirement when configured
accordingly.
Question 4
A global retailer plans to archive cold data to Azure Blob Storage using Cohesity CloudTier. Which policy setting
determines the threshold at which data is moved from primary storage to the cloud tier?
A. Retention period
B. Access frequency tier
C. Capacity utilization percentage
D. Data age in days
Correct Answer
Data age in days
Rationale:
CloudTier uses data age to decide when objects become cold and should be tiered to Azure, aligning with archival strategies.
,Question 5
A backup job for a Microsoft SQL Server database fails with error code 0x80070005. Which root cause is most likely,
and what is the recommended remediation?
A. Insufficient disk space on the target node; add more capacity
B. SQL Server service account lacks read permissions; grant the account appropriate rights
C. Network latency exceeds thresholds; increase timeout values
D. Snapshot quota exceeded; increase the quota limit
Correct Answer
SQL Server service account lacks read permissions; grant the account appropriate
rights
Rationale:
Error 0x80070005 indicates access denied, typically due to inadequate permissions for the backup service account.
Question 6
A healthcare organization must ensure that all backup data complies with HIPAA encryption standards. Which
combination of settings fulfills both at‑rest and in‑transit encryption requirements?
A. Enable AES‑256 encryption on disks and configure agents to use HTTPS
B. Activate DataLock and use SMB3 for agent communication
C. Turn on compression only; encryption is not needed for HIPAA
D. Use NFS for data transfer and rely on underlying storage encryption
Correct Answer
Enable AES‑256 encryption on disks and configure agents to use HTTPS
Rationale:
AES‑256 satisfies HIPAA at‑rest encryption, while HTTPS secures data in transit, meeting the full compliance mandate.
, Question 7
During a multi‑cloud disaster‑recovery drill, a Cohesity cluster replicates data to both AWS S3 and Google Cloud
Storage. Which metric should be monitored to ensure replication latency stays within the defined RPO of 2 hours?
A. Average backup window duration
B. Replication lag time per bucket
C. Snapshot creation frequency
D. Deduplication ratio per site
Correct Answer
Replication lag time per bucket
Rationale:
Replication lag directly measures the delay between source and target, indicating whether the 2‑hour RPO is being met.
Question 8
A data‑engineer wants to script the creation of a Protection Group for Kubernetes Persistent Volumes using the
Cohesity REST API. Which endpoint is most appropriate for this task?
A. /v2/backup/jobs
B. /v2/protection-groups
C. /v2/kubernetes/volumes
D. /v2/cluster/nodes
Correct Answer
/v2/protection-groups
Rationale:
The /v2/protection-groups endpoint handles creation and management of protection groups, including Kubernetes workloads.
Question 9
An organization adopts a policy of performing Instant Mass Restore for virtual machines during a ransomware
event. Which underlying Cohesity capability enables this rapid recovery?
A. SpanFS global namespace
B. Snapshot cloning with zero‑copy architecture
C. DataLock immutable snapshots
D. Helios global job orchestration
Correct Answer
Snapshot cloning with zero‑copy architecture
Rationale:
Zero‑copy snapshot cloning allows instant access to data without materializing full copies, enabling rapid mass VM restoration.
