CompTIA CompTIA Certifications CV0-003 Questions & Answers

• Question 431:

  A company that performs passive vulnerability scanning at its transit VPC has detected a vulnerability related to outdated web-server software on one of its public subnets. Which of the following can the company use to verify if this is a true positive with the least effort and cost? (Select two).

  A. A network-based scan

  B. An agent-based scan

  C. A port scan

  D. A red-team exercise

  E. A credentialed scan

  F. A blue-team exercise

  G. Unknown environment penetration testing

  Correct Answer: AE

• Question 432:

  Following the deployment of a new VM, a cloud engineer notices the backup platform has not added the machine to the appropriate job. The backup platform uses a text-based variable for job configuration. This variable is based on the RPO requirements for the workload. Which of the following did the cloud engineer forget to configure when deploying the virtual machine?

  A. Tags

  B. RPO

  C. RTO

  D. Server name

  E. Template

  Correct Answer: A

  Explanation: Tags are key-value pairs that can be applied to cloud resources to organize, categorize, and filter them. Tags can also be used to assign resources to backup jobs based on their RPO requirements. The cloud engineer forgot to configure the appropriate tag for the new VM that matches the text-based variable of the backup platform. Therefore, the backup platform did not add the VM to the correct job. References: Tags and labels | Cloud Storage | Google Cloud, CompTIA Cloud+ Certification Exam Objectives, Domain 4.0: Operations and Support, Objective 4.3: Given a scenario, apply the appropriate methods for cost control in a cloud environment.

• Question 433:

  A cloud administrator is choosing a backup schedule for a new application platform that creates many small files. The backup process impacts the performance of the application, and backup times should be minimized during weekdays. Which of the following backup types best meets the weekday requirements?

  A. Database dump

  B. Differential

  C. Incremental

  D. Full

  Correct Answer: C

  Explanation: Incremental backups only back up the files that have changed since the last backup, which minimizes the backup time and the performance impact on the application. Differential backups back up all the files that have changed since the last full backup, which can take longer and consume more storage space. Database dump and full backups are not suitable for weekday requirements, as they back up the entire database or filesystem, which can be time-consuming and resource-intensive. References: CompTIA Cloud+ CV0-003 Exam Objectives, Objective 3.3: Given a scenario, implement backup, restore, disaster recovery and business continuity solutions

• Question 434:

  A cloud administrator needs to implement a new system within the current CSR The system requires a storage service to allocate a large number of digital files and images. The storage service must keep files for distributed access and serve images directly to the user's browser. Which of the following solutions would best meet these requirements?

  A. NAS storage

  B. Object storage

  C. File storage

  D. Block storage

  Correct Answer: B

  Explanation: One possible solution for the cloud administrator is to use object storage. Object storage is a type of cloud storage service that stores data as objects, which consist of data, metadata, and a unique identifier. Object storage can allocate a large number of digital files and images, as it can scale to petabytes of capacity and handle billions of objects. Object storage can also keep files for distributed access, as it can store data across multiple regions and zones, and provide high availability and durability. Object storage can also serve images directly to the user's browser, as it can generate public URLs for each object that can be accessed over the internet12. NAS storage, file storage, and block storage are not the best solutions for these requirements, as they have some limitations compared to object storage. NAS storage and file storage store data as files in a hierarchical structure, which can be inefficient for managing a large number of files and images. Block storage stores data as blocks in a fixed structure, which can be wasteful for storing variable-sized files and images. NAS storage, file storage, and block storage also require a file system or a protocol to access the data, which can add complexity and overhead to the system12.

• Question 435:

  Which of the following should a cloud architect consider for a containerized cluster in a cloud environment?

  A. The regional area

  B. Cloud bursting

  C. Lower costs

  D. Scalability

  Correct Answer: D

  Scalability is the ability of a system to handle increasing or decreasing demand by adding or removing resources accordingly. According to the web search results, scalability is one of the main benefits of using containers in a cloud environment, as containers are lightweight, portable, and independent units of software that can run on any compatible host . A containerized cluster is a group of hosts that run multiple containers and share resources and services. A containerized cluster can scale up or down easily by adding or removing hosts or containers as needed, without affecting the functionality or performance of the applications .

• Question 436:

  A security analyst is investigating incidents in which attackers are able to access sensitive data from a corporate application's database. The attacks occur periodically and usually

  after the release of a new application's version. The following log confirms the compromise:

  USER: WebApp access--key accepted

  WebApp user assumed DBA role

  GetData API call executed

  The following actions are made after every incident occurrence:

  Validation of firewall rules Scripted rebuild of the database and web instances Application deployment from a cloud code repository

  Which of the following actions will MOST likely prevent future compromises?

  A. Rotating the account credentials

  B. Migrating the database to be on premises

  C. Forbidding the use of API calls to retrieve data

  D. Implementing a new database service account

  Correct Answer: A

  One possible cause for the incidents in which attackers are able to access sensitive data from a corporate application's database is that the account credentials used by the web application to access the database are compromised or leaked. The log confirms that the attackers are using the WebApp user account to assume the DBA role and execute the GetData API call, which could allow them to retrieve any data from the database. The account credentials could be compromised or leaked due to various reasons, such as weak passwords, phishing attacks, code injection, or insecure storage or transmission. Therefore, one action that will most likely prevent future compromises is to rotate the account credentials, which means changing them periodically or after every incident occurrence. Rotating the account credentials can reduce the risk of unauthorized access by invalidating the old or stolen credentials and enforcing strong and unique passwords for each account.

• Question 437:

  A web-application company recently released some new marketing promotions without notifying the IT staff. The systems administrator has since been noticing twice the normal traffic consumption every two hours for the last three hours in the container environment. Which of the following should the company implement to accommodate the new traffic?

  A. A firewall

  B. Switches

  C. Ballooning

  D. Autoscaling

  Correct Answer: D

  According to the CompTIA Cloud+ Study Guide1, autoscaling is "the ability to automatically increase or decrease the number of resources allocated to a cloud service based on the current demand". This means that autoscaling can help a

  cloud environment adjust to changes in traffic and workload, such as the ones caused by the new marketing promotions.

  Ballooning, on the other hand, is "a technique used by hypervisors to reclaim unused memory from a virtual machine and allocate it to another virtual machine that needs more memory". This means that ballooning can help optimize the

  memory usage of a cloud environment, but it does not affect the number of resources allocated to a cloud service. A firewall is "a device or software that monitors and controls the incoming and outgoing network traffic based on predefined

  rules". This means that a firewall can help protect a cloud environment from unauthorized access and malicious attacks, but it does not affect the number of resources allocated to a cloud service. Switches are "devices that connect multiple

  devices on a network and forward data packets between them". This means that switches can help improve the network performance and connectivity of a cloud environment, but they do not affect the number of resources allocated to a cloud

  service.

  Based on this information, I think the best answer to your question is D. Autoscaling. Autoscaling can help the company accommodate the new traffic by automatically increasing or decreasing the number of resources allocated to their web-

  application service based on the current demand. This can also help reduce costs and improve performance and availability.

  I hope this helps you understand the concept of autoscaling better. If you want to learn more about CompTIA Cloud+, you can check out some of these resources:

  CompTIA Cloud+ : Cloud High Availability and Scaling: A video course that covers the topics of high availability and scaling in cloud environments, including autoscaling, horizontal scaling, vertical scaling and cloud bursting. Cloud+ (Plus)

  Certification | CompTIA IT Certifications: The official website of CompTIA Cloud+, where you can find exam details, preparation materials, renewal information and more.

• Question 438:

  A systems administrator must ensure confidential company information is not leaked to competitors. Which of the following services will BEST accomplish this goal?

  A. CASB

  B. IDS

  C. FIM

  D. EDR

  E. DLP

  Correct Answer: E

  Explanation: DLP (Data Loss Prevention) is a service that prevents the unauthorized or accidental disclosure of confidential or sensitive data, such as company information, intellectual property, customer data, or personal information. DLP can monitor, detect, and block the data in motion (such as email, web, or network traffic), data at rest (such as files, databases, or cloud storage), or data in use (such as endpoints, applications, or clipboard). DLP can help a systems administrator to ensure confidential company information is not leaked to competitors by applying policies and rules that define what data is considered confidential, who can access it, how it can be used, and what actions to take if a violation occurs. For example, DLP can encrypt, quarantine, delete, or alert the administrator if confidential data is being copied, transferred, or shared outside the organization.

• Question 439:

  A cloud administrator implemented SSO and received a business requirement to increase security when users access the cloud environment. Which of the following should be implemented NEXT to improve the company's security posture?

  A. SSH

  B. MFA

  C. Certificates

  D. Federation

  Correct Answer: B

  Explanation: MFA (Multi-Factor Authentication) is a security technique that requires the user to present two or more pieces of evidence to prove their identity when they try to access a system or an application. For example, a password and a physical token, or a fingerprint and a one-time code. MFA can improve the company's security posture by preventing unauthorized access even if the password or single-factor authentication is compromised, as the attacker would also need to have the other factors to log in. According to the web search results, MFA can prevent 99.9% of account attacks1. SSO (Single Sign-On) is a system that allows the user to use one set of login credentials to access multiple systems and applications that previously may have each required their own logins. SSO can improve productivity and user convenience, but it does not replace MFA. In fact, SSO works in conjunction with MFA, as it can enforce MFA for all the systems and applications that are integrated with SSO2. Therefore, implementing SSO does not mean that MFA is not needed.

• Question 440:

  Users currently access SaaS email with five-character passwords that use only letters and numbers. An administrator needs to make access more secure without changing the password policy. Which of the following will provide a more secure way of accessing email at the lowest cost?

  A. Change the email service provider.

  B. Enable MFA with a one-time password.

  C. Implement SSO for all users.

  D. Institute certificate-based authentication

  Correct Answer: B

  Explanation: Enable MFA with a one-time password. MFA stands for multi-factor authentication, which is a method of verifying a user's identity by requiring two or more forms of authentication. A one-time password (OTP) is a code that is generated randomly and valid only for a short period of time. By enabling MFA with OTP, the administrator can make access to the SaaS email more secure without changing the password policy, as users will need to provide both their password and an OTP to sign in.