CompTIA CompTIA Certifications CV0-004 Questions & Answers

• Question 171:

  A user's assigned cloud credentials are locked, and the user is unable to access the project's application. The cloud administrator reviews the logs and notices several attempts to log in with the user's account were made to a different application after working hours.

  Which of the following is the best approach for the administrator to troubleshoot this issue?

  A. Create new credentials for the user and restrict access to the authorized application.

  B. Track the source of the log-in attempts and block the IP address of the source in the WAR

  C. Reset the user's account and implement a stronger lock-out policy.

  D. Install an IDS on the network to monitor suspicious activity

  Correct Answer: B

  The administrator should track the source of the log-in attempts and block the IP address in the Web Application Firewall (WAF). This will prevent further unauthorized attempts from that source. It is also advisable to reset the user's account

  credentials as a precautionary measure.

  References: Incident response and addressing unauthorized access attempts, including tracking and blocking IP addresses, are security measures addressed in the CompTIA Cloud+ material.

• Question 172:

  Which of the following storage resources provides higher availability and speed for currently used files?

  A. Warm/HDD

  B. Cold/SSD

  C. Hot/SSD

  D. Archive/HDD

  Correct Answer: C

  Hot storage using Solid State Drives (SSD) is designed for data that needs to be accessed frequently and quickly. SSDs provide faster access times compared to HDDs, making them suitable for high-availability and speed-critical files, such as those currently in use or requiring rapid access. References: CompTIA Cloud+ resources and storage tiering concepts

• Question 173:

  A systems engineer is migrating a batch of 25 VMs from an on-premises compute cluster to a public cloud using the public cloud's migration agent. The migration job shows data copies at a rate of 250Mbps. After five servers migrate, the data copies at a rate of 25Mbps.

  Which of the following should the engineer review first to troubleshoot?

  A. The on-premises VM host hardware utilization

  B. The on-premises ISP throttling rate

  C. The IOPS on the SAN backing the on-premises cluster

  D. The compute utilization of the VMs being migrated

  Correct Answer: A

  The engineer should review the on-premises VM host hardware utilization first. A decrease in transfer rate after a batch of migrations could suggest that the host hardware resources (like CPU, RAM, or network bandwidth) are becoming

  saturated, which would slow down additional migrations.

  References: CompTIA Cloud+ Certification Study Guide (V0- 004) by Scott Wilson and Eric Vanderburg.

• Question 174:

  Which of the following is a direct effect of cloud migration on an enterprise?

  A. The enterprise must reorganize the reporting structure.

  B. Compatibility issues must be addressed on premises after migration.

  C. Cloud solutions will require less resources than on-premises installations.

  D. Utility costs will be reduced on premises.

  Correct Answer: D

  Cloud migration typically results in a reduction of on-premises utility costs because the physical infrastructure requirements, such as power and cooling, are transferred to the cloud provider. This shift can lead to significant savings in utility

  expenses for the enterprise.

  References: CompTIA Cloud+ Guide to Cloud Computing (ISBN: 978-1-64274- 282-2)

• Question 175:

  An organization's security policy states that software applications should not exchange sensitive data in cleartext. The security analyst is concerned about a software application that uses Base64 to encode credit card data.

  Which of the following would be the best algorithm to replace Base64?

  A. 3DES

  B. AES

  C. RC4

  D. SHA-3

  Correct Answer: B

  AES (Advanced Encryption Standard) is the best algorithm to replace Base64 for secure data exchange. Base64 is an encoding method that is not secure by itself, as it's easily reversible. AES, on the other hand, is a widely used encryption

  standard that ensures data is protected and is not readable without the correct encryption key.

  References: Encryption standards and practices, including the use of AES for securing data, are essential knowledge in cloud security covered in CompTIA Cloud+.

• Question 176:

  A developer is building an application that has multiple microservices that need to communicate with each other. The developer currently manually updates the IP address of each service.

  Which of the following best resolves the communication issue and automates the process?

  A. Service discovery

  B. Fan-out

  C. Managed container services

  D. DNS

  Correct Answer: A

  Service discovery is a key component in microservices architectures, allowing services to dynamically discover and communicate with each other. By implementing service discovery, the developer can automate the process of updating service addresses, resolving the communication issue without manual updates to IP addresses, thus ensuring seamless interaction between the microservices. References: CompTIA Cloud+ resources and microservices architecture principles

• Question 177:

  A developer at a small startup company deployed some code for a new feature to its public repository. A few days later, a data breach occurred. A security team investigated the incident and found that the database was hacked.

  Which of the following is the most likely cause of this breach?

  A. Database core dump

  B. Hard-coded credentials

  C. Compromised deployment agent

  D. Unpatched web servers

  Correct Answer: B

  Hard-coded credentials within code, especially when deployed in a public repository, are a common security vulnerability. If credentials such as passwords or API keys are embedded in the code, anyone with access to the repository can

  potentially use them to gain unauthorized access to databases or other sensitive resources. This is a likely cause of the data breach in the scenario described.

  References: CompTIA Security+ Guide to Network Security Fundamentals by Mark Ciampa.

• Question 178:

  A cloud engineer was deploying the company's payment processing application, but it failed with the following error log:

  ERFOR:root: Transaction failed http 429 response, please try again

  Which of the following are the most likely causes for this error? (Select two).

  A. API throttling

  B. API gateway outage

  C. Web server outage

  D. Oversubscription

  E. Unauthorized access

  F. Insufficient quota

  Correct Answer: AF

  The error "http 429 response, please try again" typically indicates API throttling, where the number of requests exceeds the rate limit set by the API provider, and insufficient quota, where the allowed number of API calls within a given

  timeframe has been exceeded.

  References: API throttling and quota management are key concepts in the management of cloud resources, as highlighted in the CompTIA Cloud+ curriculum.

• Question 179:

  An administrator received a report that company data has been compromised. The compromise occurred on a holiday, and no one in the organization was working. While reviewing the logs from the holiday, the administrator noted the following details:

  

  The most appropriate action for the cloud security analyst to recommend is using CIS- hardened images. These images are pre-configured by the Center for Internet Security to provide security benchmark standards that help in mitigating vulnerabilities in publicly available container images.

  Which of the following accounts should the administrator disable to prevent a further breach?

  A. Cloud administrator

  B. Human resources manager

  C. Security engineer

  D. Software developer

  Correct Answer: D

  Based on the provided log details, the account of the Software Developer was used to gain unauthorized access. This account should be disabled to prevent further breaches, especially considering no one from the organization was working during the holiday, suggesting a compromised account. References: CompTIA Cloud+ Study Guide (V0-004) - Chapter on Cloud Security Posture

• Question 180:

  A cloud administrator shortens the amount of time a backup runs. An executive in the company requires a guarantee that the backups can be restored with no data loss.

  Which of th following backup features should the administrator lest for?

  A. Encryption

  B. Retention

  C. Schedule

  D. Integrity

  Correct Answer: D

  To guarantee that backups can be restored with no data loss, the administrator should test for data integrity. This ensures that the data has not been altered during the backup process and that it can be restored to its original state. References:Backup integrity is a critical aspect of data management and protection, which falls under the best practices for backups and restoration in the CompTIA Cloud+ curriculum.