CompTIA CompTIA Certifications CV0-004 Questions & Answers

• Question 191:

  A customer relationship management application, which is hosted in a public cloud laaS network, is vulnerable to a remote command execution vulnerability.

  Which of the following is the best solution for the security engineer to implement to prevent the application from being exploited by basic attacks?

  A. IPS

  B. ACL

  C. DLP

  D. WAF

  Correct Answer: D

  A Web Application Firewall (WAF) is the best solution to implement for a public cloud IaaS hosted customer relationship management application vulnerable to remote command execution attacks. WAFs are designed to monitor, filter, and block malicious HTTP/S traffic to and from a web application to protect against various application layer attacks, including remote command execution. References: CompTIA Cloud+ Study Guide (V0-004) - Chapter on Security in the Cloud

• Question 192:

  Department supervisors have requested a report that will help them understand the utilization of cloud resources, make decisions about budgeting for the following year, and reduce costs.

  Which of the following are the most important requisite steps to create the report? (Select two).

  A. Set the desired retention of resource logs.

  B. Configure application tracing.

  C. Integrate email alerts with ticketing software.

  D. Enable resource tagging.

  E. Configure the collection of performance/utilization logs.

  F. Configure metric threshold alerts.

  Correct Answer: DE

  To create a report that helps understand the utilization of cloud resources, make budget decisions, and reduce costs, the most important steps are to enable resource tagging and configure the collection of performance/utilization logs. Resource tagging helps in categorizing and tracking costs by associating tags with resources, while performance/utilization logs are essential for analyzing resource usage over time. References: CompTIA Cloud+ Study Guide (V0004) - Chapter on Cloud Management

• Question 193:

  An engineer wants to scale several cloud workloads on demand. Which of the following approaches is the most suitable?

  A. Load

  B. Scheduled

  C. Manual

  D. Trending

  Correct Answer: A

  Load scaling is the most suitable approach for scaling several cloud workloads on demand. It automatically adjusts the number of active servers in a cloud environment based on the current load or traffic, ensuring that resources are efficiently utilized to meet demand without manual intervention. This approach helps maintain optimal performance and availability, particularly during unexpected surges in workload or traffic. References: Understanding cloud management and technical operations, including scaling strategies, is crucial for optimizing resource utilization and performance in cloud environments, as outlined in the CompTIA Cloud+ objectives.

• Question 194:

  A company operates a website that allows customers to upload, share, and retain full ownership of their photographs. Which of the following could affect image ownership as the website's usage expands globally?

  A. Sovereignty

  B. Data classification

  C. Litigation holds

  D. Retention

  Correct Answer: A

  Data sovereignty refers to the legal implications of storing data in a country, subject to that country's laws. As the website's usage expands globally, data sovereignty becomes a critical concern because laws governing data ownership, privacy, and rights can vary significantly from one jurisdiction to another, potentially affecting the users' ownership rights over their photographs.

• Question 195:

  A cloud engineer is exploring options to reduce the management overhead of the servers and network. Which of the following cloud service models should the engineer implement?

  A. SaaS

  B. XaaS

  C. PaaS

  D. laaS

  Correct Answer: C

  Platform as a Service (PaaS) provides a platform allowing customers to develop, run, and manage applications without the complexity of building and maintaining the infrastructure typically associated with developing and launching an app.

  Adopting PaaS can significantly reduce the management overhead of servers and networks.

  References: CompTIA Cloud Essentials+ Certification Study Guide (LO-002) by Scott Wilson.

• Question 196:

  A security engineer recently discovered a vulnerability in the operating system of the company VMs. The operations team reviews the issue and decides all VMs need to be updated from version 3.4.0 to 3.4.1. Which of the following best describes the type of update that will be applied?

  A. Consistent

  B. Major

  C. Minor

  D. Ephemeral

  Correct Answer: C

  The update from version 3.4.0 to 3.4.1 is considered a minor update, typically involving small bug fixes or security patches that do not include major feature changes or improvements. References: CompTIA Cloud+ Study Guide (V0-004) - Chapter on Systems Management

• Question 197:

  A customer is migrating applications to the cloud and wants to grant authorization based on the classification levels of each system. Which of the following should the customer implement to ensure authorisation to systems is granted when the user and system classification properties match? (Select two).

  A. Resource tagging

  B. Discretionary access control

  C. Multifactor authentication

  D. Role-based access control

  E. Token-based authentication

  F. Bastion host

  Correct Answer: BD

  Discretionary Access Control (DAC) and Role-Based Access Control (RBAC) are effective methods for granting authorization based on system classification levels. DAC allows resource owners to grant access rights, making it flexible for environments with varying classification levels. RBAC assigns permissions based on roles within an organization, aligning access rights with the user's job functions and ensuring that users access only what is necessary for their role, which can be mapped to system classifications. References: CompTIA Cloud+ content covers various access control models, emphasizing the importance of implementing appropriate security measures that align with organizational policies and classification levels to ensure secure and authorized access to cloud systems.

• Question 198:

  A cloud administrator wants to provision a host with two VMs. The VMs require the following: After configuring the servers, the administrator notices that during certain hours of the day, the performance heavily degrades. Which of the following is the best explanation?

  

  A. The host requires additional physical CPUs.

  B. A higher number of processes occur at those times.

  C. The RAM on each VM is insufficient.

  D. The storage is overutilized.

  Correct Answer: C

  Given the provided table, the VMs have been allocated 2GB of RAM each, which may be insufficient for their workload, especially during peak hours which could lead to performance degradation. Insufficient RAM can cause the VMs to use

  swap space on disk, which is significantly slower and can lead to poor performance.

  References: CompTIA Cloud+ Certification Study Guide (V0-004) by Scott Wilson and Eric Vanderburg.

• Question 199:

  A company has one cloud-based web server that is prone to downtime during maintenance. Which of the following should the cloud engineer add to ensure high availability?

  A. A redundant web server behind a load balancer

  B. A backup cloud web server

  C. A secondary network link to the web server

  D. An autoscaling feature on the web server

  Correct Answer: A

  Adding a redundant web server behind a load balancer is the solution that will ensure high availability. If one server goes down for maintenance, the other can take over, ensuring that the web service remains available without interruption. References: High availability concepts, including the use of load balancers and redundant servers, are part of cloud infrastructure design as per CompTIA Cloud+.

• Question 200:

  A cloud engineer is extending on-premises services to a public cloud. The following design requirements must be considered in the overall solution:

  1.

  The ability to remotely connect systems from both environments

  2.

  No IP address conflicts or overlap

  3.

  Cost-effectiveness

  Which of the following cloud network concepts best meets these requirements?

  A. Dedicated connection

  B. VPN

  C. VLAN

  D. ACL

  Correct Answer: B

  A Virtual Private Network (VPN) is the most cost-effective solution for extending on-premises services to a public cloud while ensuring secure remote connectivity. VPNs can be configured to avoid IP address conflicts and overlap by using IP address translation and tunneling techniques, making them suitable for connecting disparate environments without significant changes to the existing network infrastructure.