Vce CV0-003 Questions Latest

The inbound rule that the security team identified as a potential vulnerability is the one that allows SSH access (port 22) from any source (0.0.0.0/0). This means that anyone on the internet can try to connect to the Linux servers using SSH, which poses a risk of unauthorized access or brute-force attacks. The cloud administrator, who is working remotely, logs in to the cloud management console and modifies the rule to set the source to “My IP”. This means that only the administrator’s IP address can connect to the Linux servers using SSH, which improves the security of the servers. However, this also prevents other authorized users, such as the internal developer, from accessing the servers using SSH, as they have different IP addresses than the administrator. Therefore, the administrator needs to modify the rule again to allow more sources for SSH access.

The best option for both the developer and the administrator to access the server from their locations is to modify the inbound rule to allow the company’s external IP address as a source. This means that only the IP addresses that belong to the company’s network can connect to the Linux servers using SSH, which reduces the attack surface and ensures that only authorized users can access the servers. The company’s external IP address can be obtained by using a web service such as [What Is My IP Address?] or [IP Location]. The administrator can then enter this IP address or its CIDR notation in the source field of the inbound rule.

The best method to maintain data confidentiality after discovering that the servers have been compromised and sensitive files have been exfiltrated is encryption. Encryption is a process that transforms data into an unreadable format using an algorithm and a key. Encryption can protect data at rest, in transit, or in use from unauthorized access, tampering, or leakage. The systems administrator should encrypt the sensitive files and their backups using strong encryption algorithms and keys, and also encrypt the network traffic using protocols such as SSL or IPSec. Reference: CompTIA Cloud+ Certification Exam Objectives, Domain 2.0 Security, Objective 2.5 Given a scenario, apply data security techniques in the cloud.

MFA (Multi-Factor Authentication) is a security technique that requires the user to present two or more pieces of evidence to prove their identity when they try to access a system or an application. For example, a password and a physical token, or a fingerprint and a one-time code. MFA can improve the company’s security posture by preventing unauthorized access even if the password or single-factor authentication is compromised, as the attacker would also need to have the other factors to log in. According to the web search results, MFA can prevent 99.9% of account attacks1.

SSO (Single Sign-On) is a system that allows the user to use one set of login credentials to access multiple systems and applications that previously may have each required their own logins. SSO can improve productivity and user convenience, but it does not replace MFA. In fact, SSO works in conjunction with MFA, as it can enforce MFA for all the systems and applications that are integrated with SSO2. Therefore, implementing SSO does not mean that MFA is not needed.

Maximum resource consumption is what will help predict the operational expenditures in the cloud for an application that is being migrated from on premises to a public cloud provider. Operational expenditures are the ongoing costs of running and maintaining a system or service, such as cloud resources or services. Operational expenditures can vary depending on various factors, such as usage, demand, performance, etc. Maximum resource consumption is the highest amount of resources or capacity that are used or consumed by a system or service during peak periods of activity or load. Maximum resource consumption can help predict operational expenditures in the cloud by providing information such as:

• Resource type: This indicates what type of resources are used or consumed by the system or service, such as compute, storage, network, etc.
• Resource amount: This indicates how much of each resource type are used or consumed by the system or service, such as CPU cores, memory, disk space, bandwidth, etc.
• Resource price: This indicates how much each resource type costs in the cloud provider’s pricing model, such as per hour, per GB, per Mbps, etc.