Winter Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

Free and Premium CompTIA CV0-004 Dumps Questions Answers

Page: 1 / 16
Total 213 questions

CompTIA Cloud+ (2024) Questions and Answers

Question 1

Which of the following vulnerability management concepts is best defined as the process of discovering vulnerabilities?

Options:

A.

Scanning

B.

Assessment

C.

Remediation

D.

Identification

Buy Now
Question 2

An IT manager is migrating the production environment to the cloud but needs to keep control of the operating systems, patches, and settings of all resources. Which of the following deployment models will best meet the requirements?

Options:

A.

FaaS

B.

PaaS

C.

laaS

D.

SaaS

Question 3

A company serves customers globally from its website hosted in North America. A cloud engineer recently deployed new instances of the website in the Europe region. Which of the

following is the most likely reason?

Options:

A.

To simplify workflow

B.

To enhance security

C.

To reduce latency

D.

To decrease cost

Question 4

A company has decided to scale its e-commerce application from its corporate datacenter to a commercial cloud provider to meet an anticipated increase in demand during an upcoming holiday.

The majority of the application load takes place on the application server under normal conditions. For this reason, the company decides to deploy additional application servers into a commercial cloud provider using the on-premises orchestration engine that installs and configures common software and network configurations.

The remote computing environment is connected to the on-premises datacenter via a site-to-site IPSec tunnel. The external DNS provider has been configured to use weighted round-robin routing to load balance connections from the Internet.

During testing, the company discovers that only 20% of connections completed successfully.

INSTRUCTIONS

Review the network architecture and supporting documents and fulfill these requirements:

Part 1:

Analyze the configuration of the following components: DNS, Firewall 1, Firewall 2, Router 1, Router 2, VPN and Orchestrator Server.

Identify the problematic device(s).

Part 2:

Identify the correct options to provide adequate configuration for hybrid cloud architecture.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Part 1:

Cloud Hybrid Network Diagram

Part 2:

Only select a maximum of TWO options from the multiple choice question

Options:

Question 5

An engineer made a change to an application and needs to select a deployment strategy that meets the following requirements:

• Is simple and fast

• Can be performed on two Identical platforms

Which of the following strategies should the engineer use?

Options:

A.

Blue-green

B.

Canary

C.

Rolling

D.

in-place

Question 6

Which of the following cloud-native architecture designs is the most easily maintained, decentralized, and decoupled?

Options:

A.

Monolithic

B.

Hybrid cloud

C.

Mainframe

D.

Microservices

Question 7

A cloud security analyst is investigating the impact of a recent cyberattack. The analyst is reviewing the following information:

Web server access log:

104.210.233.225 - - [21/10/2022:11:17: 40] "POST /uploadfile.html?f=myfile.php" 200 1638674

45.32.10.66 - - [21/10/2022:11:19:12] "GET /welcome.html" 200 5812

104.210.233.225 - - [21/10/2022:11:21:19] "GET / .. / .. / .. / .. /conf/server.xml HTTP/1.1" 200 74458

45.32.10.66 - - [21/10/22:11:22:32] "GET /admin.html HTTP/1.1" 200 9518

Web application firewall log:

"2022/10/21 11:17:33" "10.25.2.35" "104. 210.233.225" "userl" "File transfer completed successfully."

"2022/10/21 11:21:05" "10. 25.2. 35" "104. 210.233.225" "userl" "Accessed application page."

"2022/10/21 11:22:13" "10.25.2.35" "45. 32. 10. 66" "user2" "Accessing admin page. "

Which of the following has occurred?

Options:

A.

The corporate administration page was defaced by the attacker.

B.

A denial-of-service attack was successfully performed on the web server.

C.

A new user was created on the web server by the attacker.

D.

Sensitive information from the corporate web server was leaked.

Question 8

For compliance purposes, a cloud developer at an insurance company needs to save all customer policies for more than ten years. Which of the following options is the most cost-

efficient tier to save the data in the cloud?

Options:

A.

Archive

B.

Hot

C.

Cold

D.

Warm

Question 9

A cloud architect is preparing environments to develop a new application that will process sensitive data. The project team consists of one internal developer, two external consultants, and three testers. Which of the following is the most important security control for the cloud architect to consider implementing?

Options:

A.

Setting up private development, public development, and testing environments

B.

Segregating environments for internal and external teams

C.

Configuring DDoS protection to mitigate the risk of downtime

D.

Using IAM and ACL in order to bolster DLP

Question 10

A company wants to implement a work environment that will have low operational overhead and highly accessible enterprise resource planning, email, and data resources. Which of

the following cloud service models should the company implement?

Options:

A.

laaS

B.

PaaS

C.

DBaaS

D.

SaaS

Question 11

A cloud engineer is developing an operating expense report that will be used to purchase various cloud billing models for virtual machine instances. The cloud billing model must meet the following requirements:

• The instance cannot be ephemeral.

• The minimum life cycle of the instance is expected to be five years.

• The software license is charged per physical CPU count.

Which of the following models would best meet these requirements?

Options:

A.

Dedicated host

B.

Spot instance

C.

Pay-as-you-go

D.

Reserved resources

Question 12

A cloud deployment uses three different VPCs. The subnets on each VPC need to communicate with the others over private channels. Which of the following will achieve this objective?

Options:

A.

Deploying a load balancer to send traffic to the private IP addresses

B.

Creating peering connections between all VPCs

C.

Adding BGP routes using the VPCs' private IP addresses

D.

Establishing identical routing tables on all VPCs

Question 13

A cloud engineer wants to deploy a new application to the cloud and is writing the following script:

Which of the following actions will this script perform?

Options:

A.

Upload a new VM image.

B.

Create a new cloud resource.

C.

Build a local server.

D.

Import a cloud module.

Question 14

Which of the following provides secure, private communication between cloud environments without provisioning additional hardware or appliances?

Options:

A.

VPN

B.

VPC peering

C.

BGP

D.

Transit gateway

Question 15

A customer relationship management application, which is hosted in a public cloud laaS network, is vulnerable to a remote command execution vulnerability. Which of the following is

the best solution for the security engineer to implement to prevent the application from being exploited by basic attacks?

Options:

A.

IPS

B.

ACL

C.

DLP

D.

WAF

Question 16

A systems administrator is provisioning VMs according to the following requirements:

· A VM instance needs to be present in at least two data centers.

. During replication, the application hosted on the VM tolerates a maximum latency of one second.

· When a VM is unavailable, failover must be immediate.

Which of the following replication methods will best meet these requirements?

Options:

A.

Snapshot

B.

Transactional

C.

Live

D.

Point-in-time

Question 17

A cloud security analyst is concerned about security vulnerabilities in publicly available container images. Which of the following is the most appropriate action for the analyst to

recommend?

Options:

A.

Using CIS-hardened images

B.

Using watermarked images

C.

Using digitally signed images

D.

Using images that have an application firewall

Question 18

An administrator used a script that worked in the past to create and tag five virtual machines. All of the virtual machines have been created: however, the administrator sees the following results:

{ tags: [ ] }

Which of the following is the most likely reason for this result?

Options:

A.

API throttling

B.

Service quotas

C.

Command deprecation

D.

Compatibility issues

Question 19

A cloud engineer is extending on-premises services to a public cloud. The following design requirements must be considered in the overall solution:

" The ability to remotely connect systems from both environments

• No IP address conflicts or overlap

• Cost-effectiveness

Which of the following cloud network concepts best meets these requirements?

Options:

A.

Dedicated connection

B.

VPN

C.

VLAN

D.

ACL

Question 20

A video surveillance system records road incidents and stores the videos locally before uploading them to the cloud and deleting them from local storage. Which of the following

best describes the nature of the local storage?

Options:

A.

Persistent

B.

Ephemeral

C.

Differential

D.

Incremental

Question 21

An e-commerce store is preparing for an annual holiday sale. Previously, this sale has increased the number of transactions between two and ten times the normal level of

transactions. A cloud administrator wants to implement a process to scale the web server seamlessly. The goal is to automate changes only when necessary and with minimal cost.

Which of the following scaling approaches should the administrator use?

Options:

A.

Scale horizontally with additional web servers to provide redundancy.

B.

Allow the load to trigger adjustments to the resources.

C.

When traffic increases, adjust the resources using the cloud portal.

D.

Schedule the environment to scale resources before the sale begins.

Question 22

Which of the following network types allows the addition of new features through the use of network function virtualization?

Options:

A.

Local area network

B.

Wide area network

C.

Storage area network

D.

Software-defined network

Question 23

A banking firm's cloud server will be decommissioned after a successful proof of concept using mirrored data. Which of the following is the best action to take regarding the storage used on the decommissioned server?

Options:

A.

Keep it temporarily.

B.

Archive it.

C.

Delete it.

D.

Retain it permanently

Question 24

A company is developing a new web application that requires a relational database management system with minimal operational overhead. Which of the following should the company choose?

Options:

A.

A database installed on a virtual machine

B.

A managed SQL database on the cloud

C.

A database migration service

D.

A hybrid database setup

Question 25

A cloud administrator learns that a major version update. 4.6.0. is available for a business-critical application. The application is currently on version 4.5.2. with additional minor versions 3, 4, and 5 available. The administrator needs to perform the update while minimizing downtime. Which of the following should the administrator do first?

Options:

A.

Apply the minor updates and then restart the machine before applying the major update.

B.

During off hours, decommission the machine and create a new one directly on major update 4.6.0.

C.

Stop the service and apply the major updates directly.

D.

Create a test environment and apply the major update

Question 26

A company's website suddenly crashed. A cloud engineer investigates the following logs:

Which of the following is the most likely cause of the issue?

Options:

A.

SQL injection

B.

Cross-site scripting

C.

Leaked credentials

D.

DDoS

Question 27

A newly configured VM fails to run application updates despite having internet access. The updates download automatically from a third-party network. Given the following output:

Which of the following troubleshooting steps would be best to take?

Options:

A.

Checking DNS configurations

B.

Reconfiguring routing protocols

C.

Testing the IP address configuration

D.

Running a trace to the router

Question 28

Which of the following container storage types loses data after a restart?

Options:

A.

Object

B.

Persistent volume

C.

Ephemeral

D.

Block

Question 29

A cloud engineer needs to deploy a new version of a web application to 100 servers. In the past, new version deployments have caused outages. Which of the following deployment types should the cloud engineer implement to prevent the outages from happening this time?

Options:

A.

Rolling

B.

Blue-green

C.

Canary

D.

Round-robin

Question 30

A highly regulated business is required to work remotely, and the risk tolerance is very low. You are tasked with providing an identity solution to the company cloud that includes the following:

  • secure connectivity that minimizes user login
  • tracks user activity and monitors for anomalous activity
  • requires secondary authentication

INSTRUCTIONS

Select controls and servers for the proper control points.

Options:

Question 31

A cloud security analyst is looking for existing security vulnerabilities on software applications. Which of the following describes this vulnerability management phase?

Options:

A.

Analyze

B.

Report

C.

Remediation

D.

identification

Question 32

Which of the following is a field of computer science that enables computers to identify and understand objects and people in images and videos?

Options:

A.

Image reconstruction

B.

Facial recognition

C.

Natural language processing

D.

Computer vision

Question 33

A software engineer needs to transfer data over the internet using programmatic access while also being able to query the data. Which of the following will best help the engineer to complete this task?

Options:

A.

SQL

B.

Web sockets

C.

RPC

D.

GraphQL

Question 34

A customer is migrating applications to the cloud and wants to grant authorization based on the classification levels of each system. Which of the following should the customer implement to ensure authorisation to systems is granted when the user and system classification properties match? (Select two).

Options:

A.

Resource tagging

B.

Discretionary access control

C.

Multifactor authentication

D.

Role-based access control

E.

Token-based authentication

F.

Bastion host

Question 35

A company wants to use a solution that will allow for quick recovery from ransomware attacks, as well as intentional and unintentional attacks on data integrity and availability. Which of the following should the company implement that will minimize administrative overhead?

Options:

A.

Object versioning

B.

Data replication

C.

Off-site backups

D.

Volume snapshots

Question 36

A cloud engineer wants to implement a monitoring solution to detect cryptojacking and other cryptomining malware on cloud instances. Which of the following metrics would most likely be used to identify the activity?

Options:

A.

Disk I/O

B.

Network packets

C.

Average memory utilization

D.

Percent of CPU utilization

Question 37

Which of the following is the best type of database for storing different types of unstructured data that may change frequently?

Options:

A.

Vector

B.

Relational

C.

Non-relational

D.

Graph

Question 38

A cloud engineer is running a latency-sensitive workload that must be resilient and highly available across multiple regions. Which of the following concepts best addresses these

requirements?

Options:

A.

Cloning

B.

Clustering

C.

Hardware passthrough

D.

Stand-alone container

Question 39

A company hosts various containerized applications for business uses. A client reports that one of its routine business applications fails to load the web-based login prompt hosted in the company cloud.

INSTRUCTIONS

Click on each device and resource. Review the configurations, logs, and characteristics of each node in the architecture to diagnose the issue. Then, make the necessary changes to the WAF configuration to remediate the issue.

Web app 1

Web app 2

Web app 3

Web app 4

Client app

Options:

Question 40

A cloud engineer is reviewing a disaster recovery plan that includes the following requirements:

• System state, files, and configurations must be backed up on a weekly basis.

• The system state, file, and configuration backups must be tested annually.

Which of the following backup methods should the engineer implement for the first week the plan is executed?

Options:

A.

Differential

B.

Incremental

C.

Snapshot

D.

Full

Question 41

A cloud architect attempts to modify a protected branch but is unable to do so. The architect receives an error indicating the action cannot be completed. Which of the following should the architect try instead''

Options:

A.

Adding a new remote

B.

Creating a pull request

C.

Merging the branch

D.

Rebasing the branch

Question 42

An administrator is creating a cron job that shuts down the virtual machines at night to save on costs. Which of the following is the best way to achieve this task?

A)

B)

C)

D)

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 43

An organization wants to ensure its data is protected in the event of a natural disaster. To support this effort, the company has rented a colocation space in another part of the

country. Which of the following disaster recovery practices can be used to best protect the data?

Options:

A.

On-site

B.

Replication

C.

Retention

D.

Off-site

Question 44

A cloud engineer needs to determine a scaling approach for a payroll-processing solution that runs on a biweekly basis. Given the complexity of the process, the deployment to each

new VM takes about 25 minutes to get ready. Which of the following would be the best strategy?

Options:

A.

Horizontal

B.

Scheduled

C.

Trending

D.

Event

Question 45

A bank informs an administrator that changes must be made to backups for long-term reporting purposes. Which of the following is the most important change the administrator

should make to satisfy these requirements?

Options:

A.

Location of the backups

B.

Type of the backups

C.

Retention of the backups

D.

Schedule of the backups

Question 46

A company that has several branches worldwide needs to facilitate full access to a specific cloud resource to a branch in Spain. Other branches will have only read access. Which of

the following is the best way to grant access to the branch in Spain?

Options:

A.

Set up MFA for the users working at the branch.

B.

Create a network security group with required permissions for users in Spain.

C.

Apply a rule on the WAF to allow only users in Spain access to the resource.

D.

Implement an IPS/IDS to detect unauthorized users.

Question 47

The performance of an e-commerce website decreases dramatically during random periods. The IT team is evaluating available resources to mitigate the situation. Which of the following is the best approach to effectively manage this scenario'?

Options:

A.

Migrating to a dedicated host

B.

Purchasing additional servers

C.

Scheduling resource allocation

D.

Configuring automatic elasticity

Question 48

Between 11:00 a.m. and 1:00 p.m. on workdays, users report that the sales database is either not accessible, sluggish, or difficult to connect to. A cloud administrator discovers that during the impacted time, all hypervisors are at capacity. However, when 70% of the users are using the same database, those issues are not reported. Which of the following is the most likely cause?

Options:

A.

Oversubscription

B.

Resource allocation

C.

Sizing issues

D.

Service quotas

Question 49

A company has decided to adopt a microservices architecture for its applications that are deployed to the cloud. Which of the following is a major advantage of this type of architecture?

Options:

A.

Increased security

B.

Simplified communication

C.

Reduced server cost

D.

Rapid feature deployment

Question 50

A systems administrator is configuring backups on a VM and needs the process to run as quickly as possible, reducing the bandwidth on the network during all times from Monday through Saturday. In the event of data corruption, the management team expects the mean time to recovery to be as low as possible. Which of the following backup methods can the administrator use to accomplish these goals?

Options:

A.

Incremental backup daily to the cloud

B.

Full backup on Sunday and incremental backups on all other days of the week

C.

Differential backup daily to the cloud

D.

Incremental backups during off-hours on Monday, Wednesday, and Friday

Question 51

An administrator is setting up a cloud backup solution that requires the following features:

• Cost effective

• Granular recovery

• Multilocation

Which of the following backup types best meets these requirements?

Options:

A.

Off-site, full, incremental, and differential

B.

Cloud site, full, and differential

C.

On-site. full, and incremental

D.

On-site. full, and differential

Question 52

A healthcare organization must follow strict compliance requirements to ensure that Pll is not leaked. The cloud administrator needs to ensure the cloud email system can support this requirement Which of the following should the organization enable?

Options:

A.

IPS

B.

OLP

C.

ACL

D.

WAF

Question 53

A cloud engineer is reviewing the following Dockerfile to deploy a Python web application:

Which of the following changes should the engineer make lo the file to improve container security?

Options:

A.

Add the instruction "JSER nonroot.

B.

Change the version from latest to 3.11.

C.

Remove the EHTRYPOIKT instruction.

D.

Ensure myapp/main.pyls owned by root.

Question 54

An organization has been using an old version of an Apache Log4j software component in its critical software application. Which of the following should the organization use to

calculate the severity of the risk from using this component?

Options:

A.

CWE

B.

CVSS

C.

CWSS

D.

CVE

Question 55

A company recently set up a CDN for its photography and image-sharing website. Which of the following is the most likely reason for the company's action?

Options:

A.

To eliminate storage costs

B.

To improve site speed

C.

To enhance security of static assets

D.

To prevent unauthorized access

Question 56

Which of the following is a direct effect of cloud migration on an enterprise?

Options:

A.

The enterprise must reorganize the reporting structure.

B.

Compatibility issues must be addressed on premises after migration.

C.

Cloud solutions will require less resources than on-premises installations.

D.

Utility costs will be reduced on premises.

Question 57

Which of the following best explains the concept of migrating from on premises to the cloud?

Options:

A.

The configuration of a dedicated pipeline to transfer content to a remote location

B.

The creation of virtual instances in an external provider to transfer operations of selected servers into a new. remotely managed environment

C.

The physical transportation, installation, and configuration of company IT equipment in a cloud services provider's facility

D.

The extension of company IT infrastructure to a managed service provider

Question 58

Following a ransomware attack, the legal department at a company instructs the IT administrator to store the data from the affected virtual machines for a minimum of one year.

Which of the following is this an example of?

Options:

A.

Recoverability

B.

Retention

C.

Encryption

D.

Integrity

Question 59

A cloud infrastructure administrator updated the IP tables to block incoming connections and outgoing responses to 104.225.110.203. Which of the following vulnerability

management steps is this an example of?

Options:

A.

Scanning scope

B.

Remediation

C.

Identification

D.

Assessment

Question 60

Which of the following describes the main difference between public and private container repositories?

Options:

A.

Private container repository access requires authorization, while public repository access does not require authorization.

B.

Private container repositories are hidden by default and containers must be directly referenced, while public container repositories allow browsing of container images.

C.

Private container repositories must use proprietary licenses, while public container repositories must have open-source licenses.

D.

Private container repositories are used to obfuscate the content of the Dockerfile, while public container repositories allow for Dockerfile inspection.

Question 61

Which of the following is true of SSDs?

Options:

A.

SSDs do not have self-encrypting capabilities.

B.

SSDs have small storage capacities.

C.

SSDs can be used for high-IOP applications.

D.

SSDs are used mostly in cold storage.

Question 62

Servers in the hot site are clustered with the main site.

Options:

A.

Network traffic is balanced between the main site and hot site servers.

B.

Offline server backups are replicated hourly from the main site.

C.

All servers are replicated from the main site in an online status.

D.

Which of the following best describes a characteristic of a hot site?

Question 63

A cloud service provider requires users to migrate to a new type of VM within three months. Which of the following is the best justification for this requirement?

Options:

A.

Security flaws need to be patched.

B.

Updates could affect the current state of the VMs.

C.

The cloud provider will be performing maintenance of the infrastructure.

D.

The equipment is reaching end of life and end of support.

Page: 1 / 16
Total 213 questions