CompTIA CompTIA Certifications CV0-004 Questions & Answers

• Question 131:

  An organization's internal security team mandated that public cloud resources must be accessible only by a corporate VPN and not by direct public internet access.

  Which of the following would achieve this objective?

  A. WAF

  B. ACL

  C. VPC

  D. SSH

  Correct Answer: C

  A Virtual Private Cloud (VPC) allows users to create a secluded section of the public cloud where resources can be launched in a defined virtual network. This enables an organization to have a section of the cloud that is secured and isolated from the public internet, thus, access to public cloud resources can be restricted to only a corporate VPN. References: CompTIA Cloud+ Study Guide (V0-004) - Chapter on Cloud Security

• Question 132:

  Which of the following is an auditing procedure that ensures service providers securely manage the data to protect the interests of the organization and the privacy of its clients?

  A. CIS

  B. ITIL

  C. SOC2

  D. ISO 27001

  Correct Answer: C

  SOC2 (Service Organization Control 2) is an auditing procedure that ensures service providers securely manage data to protect the interests of an organization and the privacy of its clients. SOC2 is specifically designed for service providers

  storing customer data in the cloud, making it pertinent for data management and privacy.

  References: SOC2 and its role in auditing and ensuring secure data management by cloud service providers are part of the compliance standards and regulations included in the CompTIA Cloud+ certification material.

• Question 133:

  A systems administrator is provisioning VMs according to the following requirements:

  5.

  A VM instance needs to be present in at least two data centers.

  6.

  During replication, the application hosted on the VM tolerates a maximum latency of one second.

  7.

  When a VM is unavailable, failover must be immediate.

  Which of the following replication methods will best meet these requirements?

  A. Snapshot

  B. Transactional

  C. Live

  D. Point-in-time

  Correct Answer: C

  Live replication is the process of continuously copying data in real-time to ensure that an exact copy is available in another location. Given the requirement for immediate failover and the presence of the VM instance in at least two data centers, live replication is the best method to meet the one-second maximum latency tolerance and ensure immediate availability in the event of a VM becoming unavailable. References: CompTIA Cloud+ Study Guide (V0-004) - Chapter on Disaster Recovery and Replication Methods

• Question 134:

  A cloud engineer wants containers to run the latest version of a container base image to reduce the number of vulnerabilities. The applications in use requite Python 3.10 and ate not compatible with any other version. The containers' images are created every time a new version is released from the source image. Given the container Dockerfile below: Which of the following actions will achieve the objectives with the least effort?

  

  A. Perform docker pull before executing docker run.

  B. Execute docker update using a local cron to get the latest container version.

  C. Change the image to use python:latest on the image build process.

  D. Update the Dockerfile to pin the source image version.

  Correct Answer: A

  Performing a "docker pull" before executing "docker run" ensures that the latest version of the container base image is used, aligning with the objective of reducing vulnerabilities. This command fetches the latest image version from the repository, ensuring that the container runs the most up-to-date and secure version of the base image. This approach is efficient and requires minimal effort, as it automates the process of maintaining the latest image versions for container deployments. References: Within the CompTIA Cloud+ examination scope, understanding management and technical operations in cloud environments, including container management and security, is critical. This includes best practices for maintaining up-to-date container images to minimize vulnerabilities.

• Question 135:

  A cloud engineer wants to implement a monitoring solution to detect cryptojacking and other cryptomining malware on cloud instances. Which of the following metrics would most likely be used to identify the activity?

  A. Disk I/O

  B. Network packets

  C. Average memory utilization

  D. Percent of CPU utilization

  Correct Answer: D

  To detect cryptojacking and other cryptomining malware on cloud instances, monitoring the percent of CPU utilization is most effective. Cryptomining malware typically consumes a significant amount of CPU resources for mining operations, leading to unusually high CPU usage. Monitoring and analyzing CPU utilization metrics can help identify instances of cryptojacking by highlighting abnormal levels of resource consumption. References: Understanding management and technical operations in cloud environments, as outlined in the CompTIA Cloud+ objectives, includes the use of monitoring solutions to detect and respond to security threats like cryptomining malware, ensuring the integrity and performance of cloud resources.

• Question 136:

  An organization's critical data was exfiltrated from a computer system in a cyberattack. A cloud analyst wants to identify the root cause and is reviewing the following security logs of a software web application:

  "2021/12/18 09:33:12" "10. 34. 32.18" "104. 224. 123. 119" "POST / login.php?u=administratorandp=or%201%20=1"

  "2021/12/18 09:33:13" "10.34. 32.18" "104. 224. 123.119" "POST /login.php?u=administratorandp=%27%0A"

  "2021/12/18 09:33:14" "10. 34. 32.18" "104. 224. 123. 119" "POST /login.php?u=administratorandp=%26"

  "2021/12/18 09:33:17" "10.34. 32.18" "104. 224. 123.119" "POST / login.php?u=administratorandp=%3B"

  "2021/12/18 09:33:12" "10.34. 32. 18" "104. 224. 123. 119" "POST / login.php?u=adminandp=or%201%20=1"

  "2021/12/18 09:33:19" "10.34.32.18" "104. 224. 123.119" "POST / login.php?u=adminandp=%27%0A"

  "2021/12/18 09:33:21" "10. 34. 32.18" "104.224. 123.119" "POST / login.php?u=adminandp=%26"

  "2021/12/18 09:33:23" "10. 34. 32.18" "104. 224. 123.119" "POST / login.php?u=adminandp=%3B"

  Which of the following types of attacks occurred?

  A. SQL injection

  B. Cross-site scripting

  C. Reuse of leaked credentials

  D. Privilege escalation

  Correct Answer: A

  The security logs of the software web application show patterns that are typical of an SQL injection attack. This is evidenced by the inclusion of SQL syntax in the user input fields in an attempt to manipulate the database. References: CompTIA Cloud+ Study Guide (V0-004) - Chapter on Cloud Security Threats

• Question 137:

  Which of the following describes what CRUD is typically used for?

  A. Relational databases

  B. Time series databases

  C. Graph databases

  D. NoSQL databases

  Correct Answer: A

  CRUD stands for Create, Read, Update, Delete, and it is most commonly used for interacting with relational databases. These operations form the basis of persistent storage manipulation in most applications that use a database to store

  data.

  References:CompTIA Cloud+ Guide to Cloud Computing (ISBN: 978-1-64274-282-2)

• Question 138:

  A developer is deploying a new version of a containerized application. The DevOps team wants:

  1.

  No disruption

  2.

  No performance degradation

  3.

  Cost-effective deployment

  4.

  Minimal deployment time

  Which of the following is the best deployment strategy given the requirements?

  A. Canary

  B. In-place

  C. Blue-green

  D. Rolling

  Correct Answer: C

  The blue-green deployment strategy is the best given the requirements for no disruption, no performance degradation, cost-effective deployment, and minimal deployment time. It involves maintaining two identical production environments (blue and green), where one hosts the current application version and the other is used to deploy the new version. Once testing on the green environment is complete, traffic is switched from blue to green, ensuring a seamless transition with no downtime. References: Understanding various cloud deployment strategies, such as blue-green deployments, is essential for managing cloud environments effectively, as highlighted in the CompTIA Cloud+ objectives, to ensure smooth and efficient application updates.

• Question 139:

  A cloud engineer is designing a high-performance computing cluster for proprietary software. The software requires low network latency and high throughput between cluster nodes.

  Which of the following would have the greatest impact on latency and throughput when designing the HPC infrastructure?

  A. Node placement

  B. Node size

  C. Node NIC

  D. Node OS

  Correct Answer: A

  Node placement is critical in high-performance computing (HPC) clusters where low network latency and high throughput are required. Proper placement of nodes within the network infrastructure, including proximity to each other and to key network components, can significantly reduce latency and increase throughput. Ensuring that nodes are physically close and well-connected can facilitate faster data transfer rates between them. References: CompTIA Cloud+ Certification Study Guide (V0-004) by Scott Wilson and Eric Vanderburg

• Question 140:

  An administrator used a script that worked in the past to create and tag five virtual machines. All of the virtual machines have been created: however, the administrator sees the following results:

  { tags: [ ] }

  Which of the following is the most likely reason for this result?

  A. API throttling

  B. Service quotas

  C. Command deprecation

  D. Compatibility issues

  Correct Answer: C

  The most likely reason for the script creating virtual machines without tags, despite working in the past, is command deprecation. Cloud service providers update their APIs and CLI commands over time, and a previously used command to tag

  resources might no longer be valid.

  References: Understanding cloud service APIs and the importance of keeping up with updates is part of cloud technical operations covered in CompTIA Cloud+.