CompTIA CompTIA Certifications CV0-003 Questions & Answers

• Question 441:

  A company that requires full administrative control at the OS level is considering the use of public cloud services. Which of the following service models would BEST fit the company's requirements?

  A. SaaS

  B. DBaaS

  C. PaaS

  D. laaS

  Correct Answer: D

  Explanation: laaS (Infrastructure as a Service) is a public cloud service model that provides access to fundamental compute, network, and storage resources on demand over the public Internet or through dedicated connections. Customers can provision and configure these resources according to their needs, and they have full administrative control at the OS level. This means that customers can install, update, and manage any software or applications they want on the cloud servers, as well as apply their own security and compliance policies. laaS is suitable for companies that require high flexibility and customization of their cloud infrastructure, as well as scalability and cost-efficiency.

• Question 442:

  A company is using a method of tests and upgrades in which a small set of end users are exposed to new services before the majority of other users. Which of the following deployment methods is being used?

  A. Blue-green

  B. Canary

  C. Big bang

  D. Rolling

  Correct Answer: B

  A canary deployment is a software deployment technique where a new feature or version is released to a small subset of users in production prior to releasing it to a larger subset or all the users. It is also sometimes termed a phased rollout or incremental release1. A canary deployment allows the developers to test the new service in a real environment and get feedback from the users before making it available to everyone. It also reduces the risk of failures and enables easy rollbacks if something goes wrong. A canary deployment is different from a blue-green deployment, where two identical environments are used to switch between the old and new versions of the service. A big bang deployment is where the new service is released to all the users at once, without any testing or gradual rollout. A rolling deployment is where the new service is installed in batches or stages, replacing the old service gradually until all the users are on the new version.

• Question 443:

  A cloud engineer has deployed a virtual storage appliance into a public cloud environment. The storage appliance has a NAT to a public IP address. An administrator later notices there are some strange files on the storage appliance and a large spike in network traffic on the machine. Which of the following is the MOST likely cause?

  A. The default password is still configured on the appliance.

  B. The appliance's certificate has expired.

  C. The storage appliance has no firewall.

  D. Data encryption is enabled, and the files are hashed.

  Correct Answer: A

  Explanation: One possible cause for the strange files and the large spike in network traffic on the storage appliance is that the default password is still configured on the appliance. A default password is a password that is set by the manufacturer or vendor of a device or software, and it is often easy to guess or find online. If the cloud engineer did not change the default password after deploying the virtual storage appliance, it could allow unauthorized users to access the appliance remotely and upload or download files, which could explain the symptoms observed by the administrator. This is a serious security risk that could compromise the confidentiality, integrity, and availability of the data stored on the appliance.

• Question 444:

  A technician deployed a VM with NL-SAS storage to host a critical application. Two weeks later, users have begun to report high application latency. Which of the following is the BEST action to correct the latency issue?

  A. Increase the capacity of the data storage.

  B. Migrate the data to SAS storage.

  C. Increase the CPU of the VM.

  D. Migrate the data to flash storage.

  Correct Answer: D

  The correct answer is D. Migrate the data to flash storage. Flash storage is a type of solid- state storage that uses flash memory to store data. Flash storage has much faster performance and lower latency than NL-SAS storage, which is a type of hard disk drive that uses nearline serial attached SCSI interface. According to the web search results, NL-SAS devices have much higher response times than flash devices123. Therefore, migrating the data to flash storage can reduce the application latency and improve the user experience. Increasing the capacity of the data storage, migrating the data to SAS storage, or increasing the CPU of the VM are not likely to solve the latency issue, as they do not address the root cause of the problem, which is the slow performance of NL-SAS storage. For more information on flash storage and its benefits, you can refer to the Dell EMC Unity: FAST Technology Overview2 or the Dell Technologies website4.

• Question 445:

  During a security incident on an laaS platform, which of the following actions will a systems administrator most likely take as part of the containment procedure?

  A. Connect to an instance for triage.

  B. Add a deny rule to the network ACL.

  C. Mirror the traffic to perform a traffic capture.

  D. Perform a memory acquisition.

  Correct Answer: B

  Adding a deny rule to the network ACL is a common containment procedure for a security incident on an IaaS platform, as it can isolate the affected instance from the rest of the network and prevent further compromise or data exfiltration. Connecting to an instance for triage, mirroring the traffic to perform a traffic capture, and performing a memory acquisition are more likely to be part of the analysis or evidence collection procedures, not the containment procedure. References: CompTIA Cloud+ CV0-003 Exam Objectives, Objective 4.2: Given a scenario, apply security configurations and compliance controls ; Cloud Security Mitigation | Cloud Computing | CompTIA1

• Question 446:

  An organization has a web-server farm. Which of the following solutions should be implemented to obtain efficient distribution of requests to theservers?

  A. A clustered web server infrastructure

  B. A load-balancing appliance

  C. A containerized application

  D. Distribution of web servers across different regions and zones

  Correct Answer: B

  A web-server farm is a group of web servers that work together to provide high availability and scalability for web applications1. A web-server farm can handle a large number of requests from clients by distributing the workload among the

  servers. A load-balancing appliance is a device that sits between the clients and the web servers and distributes the incoming requests to the servers based on a predefined algorithm2. A load-balancing appliance can improve the

  performance, reliability, and security of a web- server farm by providing the following benefits2:

  Load balancing: It ensures that no single server is overloaded and that all servers are utilized efficiently.

  Failover: It detects and redirects requests from failed or unavailable servers to healthy ones.

  Health monitoring: It periodically checks the status and performance of the servers and reports any issues or anomalies.

  SSL offloading: It terminates the SSL connections from the clients and forwards the requests to the servers in plain text, reducing the encryption overhead on the servers. Caching: It stores frequently requested content in its memory and

  serves it to the clients, reducing the network traffic and load on the servers. A clustered web server infrastructure is a configuration where multiple web servers are connected to a shared storage device and appear as a single logical server to

  the clients3. A clustered web server infrastructure can provide high availability and fault tolerance for web applications, but it does not provide load balancing or scalability.

  Therefore, option A is incorrect.

  A containerized application is an application that is packaged with its dependencies and runtime environment in a lightweight and portable unit called a container. A containerized application can run on any platform that supports container

  technology, such as Docker or Kubernetes. A containerized application can provide portability, consistency, and isolation for web applications, but it does not provide load balancing or scalability by itself.

  Therefore, option C is incorrect.

  Distribution of web servers across different regions and zones is a strategy that involves deploying web servers in multiple geographic locations to serve clients from different areas. Distribution of web servers across different regions and

  zones can provide low latency, high availability, and disaster recovery for web applications, but it does not provide load balancing or scalability within each region or zone. Therefore, option D is incorrect.

• Question 447:

  An organization is developing a new online product. The product must:

  Minimize organizational infrastructure and comply with security standards.

  Minimize organizational compliance efforts.

  Focus on application development and increase speed to market.

  Which of the following should the organization consider, given the requirements listed above?

  A. Use cloud-native serverless services.

  B. Implement automated compliance scanning tools.

  C. Harden servers using repeatable compliance templates.

  D. Deploy compliance linters in the CI/CD pipeline.

  Correct Answer: A

  Explanation: One possible answer is:

  A. Use cloud-native serverless services.

  Cloud-native serverless services are a type of cloud computing that allows developers to build and run applications without having to manage servers, infrastructure, or scaling. Cloud-native serverless services can help the organization meet

  the requirements listed above, as they can:

  Minimize organizational infrastructure and comply with security standards. Cloud- native serverless services are fully managed by the cloud provider, which means the organization does not have to provision, configure, or maintain any servers or infrastructure. The cloud provider also handles the security aspects of the serverless environment, such as encryption, authentication, authorization, patching, and monitoring. The organization can focus on developing the application logic and rely on the cloud provider to meet the security standards12. Minimize organizational compliance efforts. Cloud-native serverless services can also help the organization reduce the compliance burden, as they can leverage the compliance certifications and attestations of the cloud provider. The cloud provider can ensure that the serverless environment complies with various regulations and standards, such as PCI DSS, HIPAA, GDPR, ISO 27001, etc. The organization can inherit the compliance posture of the cloud provider and avoid the hassle of auditing and validating their own infrastructure12. Focus on application development and increase speed to market. Cloud-native serverless services can also enable the organization to accelerate the development and delivery of their online product, as they can write code using their preferred programming languages and frameworks, and deploy it quickly and easily to the serverless environment. The serverless environment can automatically scale up or down based on the demand, ensuring high availability and performance. The organization can also integrate serverless services with other cloud services, such as databases, storage, analytics, etc., to create a full- stack application12.

• Question 448:

  A company that performs passive vulnerability scanning at its transit VPC has detected a vulnerability related to outdated web-server software on one of its public subnets. Which of the following can the use to verify if this is a true positive with the LEAST effort and cost? (Select TWO).

  A. A network-based scan

  B. An agent-based scan

  C. A port scan

  D. A red-team exercise

  E. A credentialed scan

  F. A blue-team exercise

  G. Unknown environment penetration testing

  Correct Answer: BE

  The correct answer is B and E. An agent-based scan and a credentialed scan can help verify if the vulnerability related to outdated web-server software is a true positive with the least effort and cost. An agent-based scan is a type of vulnerability scan that uses software agents installed on the target systems to collect and report data on vulnerabilities. This method can provide more accurate and detailed results than a network-based scan, which relies on network traffic analysis and probes1. An agent-based scan can also reduce the network bandwidth and performance impact of scanning, as well as avoid triggering false alarms from intrusion detection systems2. A credentialed scan is a type of vulnerability scan that uses valid login credentials to access the target systems and perform a more thorough and comprehensive assessment of their configuration, patch level, and vulnerabilities. A credentialed scan can identify vulnerabilities that are not visible or exploitable from the network level, such as missing updates, weak passwords, or misconfigured services3. A credentialed scan can also reduce the risk of false positives and false negatives, as well as avoid causing damage or disruption to the target systems3. A network-based scan, a port scan, a red-team exercise, a blue-team exercise, and unknown environment penetration testing are not the best options to verify if the vulnerability is a true positive with the least effort and cost. A network-based scan and a port scan may not be able to detect the vulnerability if it is not exposed or exploitable from the network level. A red-team exercise, a blue-team exercise, and unknown environment penetration testing are more complex, time-consuming, and costly methods that involve simulating real-world attacks or defending against them. These methods are more suitable for testing the overall security posture and resilience of an organization, rather than verifying a specific vulnerability4.

• Question 449:

  An organization hosts an ERP database in on-premises infrastructure. A recommendation has been made to migrate the ERP solution to reduce operational overhead in the maintenance of the data center. Which of the following should be considered when migrating this on-premises database to DBaaS?

  A. Database application version compatibility Database IOPS values Database storage utilization

  B. Physical database server CPU cache value Physical database server DAS type Physical database server network I/O

  C. Database total user count Database total number of tables Database total number of storage procedures Physical database server memory configuration Physical database server CPU frequency

  D. Physical database server operating system

  Correct Answer: A

• Question 450:

  An organization has decided to implement the following network segregation:

  

  Below is a configuration of an application server:

  

  The application team is unable to establish connectivity to another server, which has the IP address 10.10.10.180. Which of the following is the MOST likely reason for the issue?

  A. Incorrect routing configuration

  B. Incorrect NIC1 configuration

  C. Incorrect gateway in NIC 1

  D. Incorrect subnet mask in NIC2

  Correct Answer: A