CompTIA CompTIA Certifications CV0-004 Questions & Answers

• Question 91:

  A cloud service provider requires users to migrate to a new type of VM within three months. Which of the following is the best justification for this requirement?

  A. Security flaws need to be patched.

  B. Updates could affect the current state of the VMs.

  C. The cloud provider will be performing maintenance of the infrastructure.

  D. The equipment is reaching end of life and end of support.

  Correct Answer: D

  The best justification for a cloud service provider requiring users to migrate to a new type of VM within a specific time frame is that the equipment is reaching end of life and end of support (EOL/EOS). This means that the older type of VM will no longer receive updates or support, which could include important security patches, so it is necessary to move to newer VM types to maintain security and performance. References: CompTIA Cloud+ Study Guide (V0-004) by Todd Montgomery and Stephen Olson

• Question 92:

  Which of the following communication methods between on-premises and cloud environments would ensure minimal-to-low latency and overhead?

  A. Site-to-site VPN

  B. Peer-to-peer VPN

  C. Direct connection

  D. peering

  Correct Answer: C

  A direct connection between on-premises and cloud environments involves a dedicated, private connection that does not traverse the public internet. This setup ensures minimal-to-low latency and overhead, providing more consistent network performance and reliability compared to other methods like VPNs or public internet connections, making it suitable for high-volume or latency-sensitive applications.

• Question 93:

  A company recently migrated to a public cloud provider. The company's computer incident response team needs to configure native cloud services tor detailed logging.

  Which of the following should the team implement on each cloud service to support root cause analysis of past events? {Select two).

  A. Log retention

  B. Tracing

  C. Log aggregation

  D. Log rotation

  E. Hashing

  F. Encryption

  Correct Answer: AC

  For detailed logging to support root cause analysis of past events, the team should implement log retention to ensure logs are kept for the necessary amount of time and log aggregation to compile logs from various sources for easier analysis

  and correlation.

  References: Log management practices, including retention and aggregation, are part of the cloud management strategies covered in the CompTIA Cloud+ curriculum, particularly in the domain of technical operations.

• Question 94:

  Which of the following vulnerability management concepts is best defined as the process of discovering vulnerabilities?

  A. Scanning

  B. Assessment

  C. Remediation

  D. Identification

  Correct Answer: D

  In vulnerability management, 'Identification' is the concept best defined as the process of discovering vulnerabilities. This step is crucial as it involves detecting vulnerabilities in systems, software, and networks, which is the first step in the vulnerability management process before moving on to assessment, remediation, and reporting.

• Question 95:

  A cloud engineer wants to replace the current on-premises. unstructured data storage with a solution in the cloud. The new solution needs to be cost-effective and highly scalable. Which of the following types of storage would be best to use?

  A. File

  B. Block

  C. Object

  D. SAN

  Correct Answer: C

  Object storage is ideal for cost-effective and highly scalable unstructured data. It allows for the storage of massive amounts of unstructured data in a flat namespace and is not constrained by the rigid structures of file or block storage. Object

  storage is highly durable and designed for high levels of scalability and accessibility.

  References: The suitability of object storage for unstructured data and scalability is a part of cloud storage technologies covered in CompTIA Cloud+ materials.

• Question 96:

  Which of the following is true of SSDs?

  A. SSDs do not have self-encrypting capabilities.

  B. SSDs have small storage capacities.

  C. SSDs can be used for high-IOP applications.

  D. SSDs are used mostly in cold storage.

  Correct Answer: C

  SSDs (Solid State Drives) are known for their high performance and can handle a high number of input/output operations per second (IOPS). This makes them ideal for applications and workloads thatrequire rapid access to storage, such as databases and high-performance computing applications. References: CompTIA Cloud+ Study Guide (V0-004) - Chapter on Cloud Storage Options

• Question 97:

  A cloud engineer is reviewing the following Dockerfile to deploy a Python web application:

  

  Which of the following changes should the engineer make lo the file to improve container security?

  A. Add the instruction "JSER nonroot.

  B. Change the version from latest to 3.11.

  C. Remove the EHTRYPOIKT instruction.

  D. Ensure myapp/main.pyls owned by root.

  Correct Answer: A

  To improve container security, the engineer should add the instruction "USER nonroot" to the Dockerfile. This change ensures that the container does not run as the root user, which reduces the risk of privilege escalation attacks. Running

  containers as a non-root user is a best practice for enhancing security in containerized environments.

  References: CompTIA Cloud+ content includes security concerns, measures, and concepts for cloud operations, highlighting container security best practices such as running containers with least privilege to mitigate security risks.

• Question 98:

  A cloud engineer is designing a cloud-native, three-tier application. The engineer must adhere to the following security best practices:

  1.

  Minimal services should run on all layers of the stack.

  2.

  The solution should be vendor agnostic.

  3.

  Virealization could be used over physical hardware.

  Which of the following concepts should the engineer use to design the system to best meet these requirements?

  A. Virtual machine

  B. Micro services

  C. Fan-out

  D. Cloud-provided managed services

  Correct Answer: B

  Microservices architecture is the most suitable design principle that aligns with the security best practices mentioned. It involves developing a suite of small services, each running in its own process and communicating with lightweight mechanisms, often an HTTP resource API. This architecture minimizes the services running on each layer, allows for vendor-agnostic solutions,and is well-suited for virtualization over physical hardware. References: Microservices as an architectural approach is discussed in the context of cloud-native applications within the CompTIA Cloud+ material.

• Question 99:

  Five thousand employees always access the company's public cloud-hosted web application on a daily basis during the same time frame. Some users have been reporting performance issues while attempting to connect to the web application.

  Which of the following is the best configuration approach to resolve this issue?

  A. Scale vertically based on a trend.

  B. Scale horizontally based on a schedule

  C. Scale vertically based on a load.

  D. Scale horizontally based on an event

  Correct Answer: B

  For a web application accessed by a large number of employees daily during the same time frame, the best configuration approach to resolve performance issues is to scale horizontally based on a schedule. This means adding more server

  instances to handle the load during known peak times.

  References: Cloud resource scaling strategies, including scheduled horizontal scaling, are discussed in the CompTIA Cloud+ curriculum under cloud management and optimization.

• Question 100:

  A cloud administrator is building a company-standard VM image, which will be based on a public image. Which of the following should the administrator implement to secure the image?

  A. ACLs

  B. Least privilege

  C. Hardening

  D. Vulnerability scanning

  Correct Answer: C

  Hardening a VM image involves implementing security measures to reduce vulnerabilities and protect against threats. This process includes removing unnecessary software, services, and permissions, ensuring that the remaining software is updated with the latest security patches, and configuring settings to enhance security. Starting with a public image, the administrator should apply hardening techniques to ensure the custom company-standard VM image is secure and resilient against attacks.