New Year Special Limited Time 70% Discount Offer - Ends in 1d 8h 52m 54s - Coupon code: 70special

CompTIA CV0-003 CompTIA Cloud+ Certification Exam Exam Practice Test

Page: 1 / 46
Total 456 questions

CompTIA Cloud+ Certification Exam Questions and Answers

Testing Engine

  • Product Type: Testing Engine
$37.5  $124.99

PDF Study Guide

  • Product Type: PDF Study Guide
$33  $109.99
Question 1

A systems administrator is configuring updates on a system. Which of the following update branches should the administrator choose to ensure the system receives updates that are maintained for at least four years?

Options:

A.

LTS

B.

Canary

C.

Beta

D.

Stable

Question 2

An organization is currently deploying a private cloud model. All devices should receive the time from the local environment with the least administrative effort. Which of the following ports needs to be opened to fulfill this requirement?

Options:

A.

53

B.

67

C.

123

D.

161

Question 3

A systems administrator wants to ensure two VMs remain together on the same host. Which of the following must be set up to enable this functionality?

Options:

A.

Affinity

B.

Zones

C.

Regions

D.

A cluster

Question 4

A company needs to access the cloud administration console using its corporate identity. Which of the following actions would MOST likely meet the requirements?

Options:

A.

Implement SSH key-based authentication.

B.

Implement cloud authentication with local LDAP.

C.

Implement multifactor authentication.

D.

Implement client-based certificate authentication.

Question 5

An engineer is responsible for configuring a new firewall solution that will be deployed in a new public cloud environment. All traffic must pass through the firewall. The SLA for the firewall is 99.999%. Which of the following should be deployed?

Options:

A.

Two load balancers behind a single firewall

B.

Firewalls in a blue-green configuration

C.

Two firewalls in a HA configuration

D.

A web application firewall

Question 6

A cloud security analyst is implementing a vulnerability scan of the web server in the DMZ, which is running in an IaaS compute instance. The default inbound firewall settings are as follows:

Which of the following will provide the analyst with the MOST accurate report?

Options:

A.

An agent-based scan

B.

A network vulnerability scan

C.

A default and common credentialed scan

D.

A network credentialed vulnerability scan

Question 7

A company has an in-house-developed application. The administrator wants to utilize cloud services for additional peak usage workloads. The application has a very unique stack of dependencies.

Which of the following cloud service subscription types would BEST meet these requirements?

Options:

A.

PaaS

B.

SaaS

C.

DBaaS

D.

IaaS

Question 8

A cloud administrator is working in a secure government environment. The administrator needs to implement corrective action due to recently identified security issue on the OS of a VM that is running a facility-management application in a cloud environment. The administrator needs to consult the application vendor, so it might take some time to resolve the issue. Which of the following is the FIRST action the administrator should take while working on the resolution?

Options:

A.

Shut down the server.

B.

Upgrade the OS

C.

Update the risk register.

D.

Raise a problem ticket.

Question 9

A cloud administrator needs to reduce the cost of cloud services by using the company's off-peak period. Which of the following would be the BEST way to achieve this with minimal effort?

Options:

A.

Create a separate subscription.

B.

Create tags.

C.

Create an auto-shutdown group.

D.

Create an auto-scaling group.

Question 10

Users are experiencing slow response times from an intranet website that is hosted on a cloud platform. There is a site-to-site VPN connection to the cloud provider over a link of 100Mbps.

Which of the following solutions will resolve the issue the FASTEST?

Options:

A.

Change the connection to point-to-site VPN

B.

Order a direct link to the provider

C.

Enable quality of service

D.

Upgrade the link to 200Mbps

Question 11

Which of the following definitions of serverless computing BEST explains how it is different from using VMs?

Options:

A.

Serverless computing is a cloud-hosting service that utilizes infrastructure that is fully managed by the CSP.

B.

Serverless computing uses predictable billing and offers lower costs than VM compute services.

C.

Serverless computing is a scalable, highly available cloud service that uses SDN technologies.

D.

Serverless computing allows developers to focus on writing code and organizations to focus on business.

Question 12

A VDI administrator has received reports from the drafting department that rendering is slower than normal. Which of the following should the administrator check FIRST to optimize the performance of the VDI infrastructure?

Options:

A.

GPU

B.

CPU

C.

Storage

D.

Memory

Question 13

An administrator recently provisioned a file server in the cloud. Based on financial considerations, the administrator has a limited amount of disk space. Which of the following will help control the amount of space that is being used?

Options:

A.

Thick provisioning

B.

Software-defined storage

C.

User quotas

D.

Network file system

Question 14

A cloud engineer is responsible for managing a public cloud environment. There is currently one virtual network that is used to host the servers in the cloud environment. The environment is rapidly growing, and the network does not have any more available IP addresses. Which of the following should the engineer do to accommodate additional servers in this environment?

Options:

A.

Create a VPC and peer the networks.

B.

Implement dynamic routing.

C.

Enable DHCP on the networks.

D.

Obtain a new IPAM subscription.

Question 15

Which of the following service models would be used for a database in the cloud?

Options:

A.

PaaS

B.

laaS

C.

CaaS

D.

SaaS

Question 16

A company recently experienced a power outage that lasted 30 minutes. During this time, a whole rack of servers was inaccessible, even though the servers did not lose power.

Which of the following should be investigated FIRST?

Options:

A.

Server power

B.

Rack power

C.

Switch power

D.

SAN power

Question 17

A cloud security analyst needs to ensure the web servers in the public subnet allow only secure communications and must remediate any possible issue. The stateful configuration for the public web servers is as follows:

Which of the following actions should the analyst take to accomplish the objective?

Options:

A.

Remove rules 1, 2, and 5.

B.

Remove rules 1, 3, and 4.

C.

Remove rules 2, 3, and 4.

D.

Remove rules 3, 4, and 5.

Question 18

A systems administrator is deploying a new cloud application and needs to provision cloud services with minimal effort. The administrator wants to reduce the tasks required for maintenance, such as OS patching, VM and volume provisioning, and autoscaling configurations. Which of the following would be the BEST option to deploy the new application?

Options:

A.

A VM cluster

B.

Containers

C.

OS templates

D.

Serverless

Question 19

A company is considering consolidating a number of physical machines into a virtual infrastructure that will be located at its main office. The company has the following requirements:

High-performance VMs

More secure

Has system independence

Which of the following is the BEST platform for the company to use?

Options:

A.

Type 1 hypervisor

B.

Type 2 hypervisor

C.

Software application virtualization

D.

Remote dedicated hosting

Question 20

A disaster situation has occurred, and the entire team needs to be informed about the situation. Which of the following documents will help the administrator find the details of the relevant team members for escalation?

Options:

A.

Chain of custody

B.

Root cause analysis

C.

Playbook

D.

Call tree

Question 21

Which of the following actions should a systems administrator perform during the containment phase of a security incident in the cloud?

Options:

A.

Deploy a new instance using a known-good base image.

B.

Configure a firewall rule to block the traffic on the affected instance.

C.

Perform a forensic analysis of the affected instance.

D.

Conduct a tabletop exercise involving developers and systems administrators.

Question 22

A cloud administrator has been using a custom VM deployment script. After three months of use, the script no longer joins the LDAP domain. The cloud administrator verifies the account has the correct permissions. Which of the following is the MOST likely cause of the failure?

Options:

A.

Incorrect encryption ciphers

B.

Broken trust relationship

C.

Invalid certificates

D.

Expired password

Question 23

A systems administrator is trying to reduce storage consumption. Which of the following file types would benefit the MOST from compression?

Options:

A.

System files

B.

User backups

C.

Relational database

D.

Mail database

Question 24

A cloud administrator has deployed a new VM. The VM cannot access the Internet or the VMs on any other subnet. The administrator runs a network command and sees the following output:

The new VM can access another VM at 172.16.31.39. The administrator has verified the IP address is correct. Which of the following is the MOST likely cause of the connectivity issue?

Options:

A.

A missing static route

B.

A duplicate IP on the network

C.

Firewall issues

D.

The wrong gateway

Question 25

An organization is developing a new solution for hosting an external website. The systems administrator needs the ability to manage the OS. Which of the following methods would be MOST suitable to achieve this objective?

Options:

A.

Deploy web servers into an laaS provider.

B.

Implement a cloud-based VDI solution.

C.

Provision web servers in a container environment.

D.

Use PaaS components in the cloud to implement the product.

Question 26

A systems administrator is creating a VM and wants to ensure disk space is not allocated to the VM until it is needed. Which of the following techniques should the administrator use to ensure?

Options:

A.

Deduplication

B.

Thin provisioning

C.

Software-defined storage

D.

iSCSI storage

Question 27

A company is concerned about the security of its data repository that contains customer PII. A systems administrator is asked to deploy a security control that will prevent the exfiltration of such data. Which of the following should the systems administrator implement?

Options:

A.

DLP

B.

WAF

C.

FIM

D.

ADC

Question 28

A system administrator is migrating a bare-metal server to the cloud. Which of the following types of migration should the systems administrator perform to accomplish this task?

Options:

A.

V2V

B.

V2P

C.

P2P

D.

P2V

Question 29

A systems administrator adds servers to a round-robin, load-balanced pool, and then starts receiving reports of the website being intermittently unavailable. Which of the following is the MOST likely cause of the issue?

Options:

A.

The network is being saturated.

B.

The load balancer is being overwhelmed.

C.

New web nodes are not operational.

D.

The API version is incompatible.

E.

There are time synchronization issues.

Question 30

Some VMs that are hosted on a dedicated host server have each been allocated with 32GB of memory. Some of VMs are not utilizing more than 30% of the allocation. Which of the following should be enabled to optimize the memory utilization?

Options:

A.

Auto-scaling of compute

B.

Oversubscription

C.

Dynamic memory allocations on guests

D.

Affinity rules in the hypervisor

Question 31

A systems administrator is configuring network management but is concerned about confidentiality. Which of the following should the administrator configure to address this concern?

Options:

A.

SNMPv3

B.

Community strings

C.

IPSec tunnels

D.

ACLs

Question 32

After a few new web servers were deployed, the storage team began receiving incidents in their queue about the web servers. The storage administrator wants to verify the incident tickets that should have gone to the web server team. Which of the following is the MOST likely cause of the issue?

Options:

A.

Incorrect assignment group in service management

B.

Incorrect IP address configuration

C.

Incorrect syslog configuration on the web servers

D.

Incorrect SNMP settings

Question 33

A DevOps administrator is designing a new machine-learning platform. The application needs to be portable between public and private clouds and should be kept as small as possible. Which of the following approaches would BEST meet these requirements?

Options:

A.

Virtual machines

B.

Software as a service

C.

Serverless computing

D.

Containers

Question 34

A company is planning to migrate applications to a public cloud, and the Chief Information Officer (CIO) would like to know the cost per business unit for the applications in the cloud. Before the migration, which of the following should the administrator implement FIRST to assist with reporting the cost for each business unit?

Options:

A.

An SLA report

B.

Tagging

C.

Quotas

D.

Showback

Question 35

A cloud solutions architect has received guidance to migrate an application from on premises to a public cloud. Which of the following requirements will help predict the operational expenditures in the cloud?

Options:

A.

Average resource consumption

B.

Maximum resource consumption

C.

Minimum resource consumption

D.

Actual hardware configuration

Question 36

A systems administrator needs to modify the replication factors of an automated application container from 3 to 5. Which of the following file types should the systems administrator modify on the master controller?

Options:

A.

.yaml

B.

. txt

C.

.conf

D.

.etcd

Question 37

A systems administrator is configuring a storage system for maximum performance and redundancy. Which of the following storage technologies should the administrator use to achieve this?

Options:

A.

RAID 5

B.

RAID 6

C.

RAID 10

D.

RAID 50

Question 38

A cloud administrator is responsible for managing a VDI environment that provides end users with access to limited applications. Which of the following should the administrator make changes to when a new application needs to be provided?

Options:

A.

Application security policy

B.

Application whitelisting policy

C.

Application hardening policy

D.

Application testing policy

Question 39

A systems administrator needs to deploy a solution to automate new application releases that come from the development team. The administrator is responsible for provisioning resources at the infrastructure layer without modifying any configurations in the application code. Which of the following would BEST accomplish this task?

Options:

A.

Implementing a CI/CD tool

B.

Configuring infrastructure as code

C.

Deploying an orchestration tool

D.

Employing DevOps methodology

Question 40

A systems administrator needs to migrate email services to the cloud model that requires the least amount of administrative effort. Which of the following should the administrator select?

Options:

A.

DBaaS

B.

SaaS

C.

IaaS

D.

PaaS

Question 41

A company would like to migrate its current on-premises workloads to the public cloud. The current platform requires at least 80 instances running at all times to work properly. The company wants the workload to be highly available, even if the cloud provider loses one region due to a catastrophe, and the costs to be kept to a minimum. Which of the following strategies should the company implement?

Options:

A.

Create /25 subnets in two regions and run 80 instances on each one.

B.

Create /26 subnets in two regions and run 40 instances on each one.

C.

Create /26 subnets in three regions and run 40 instances on each one.

D.

Create /26 subnets in three regions and run 80 instances on each one.

Question 42

A large pharmaceutical company needs to ensure it is in compliance with the following requirements:

• An application must run on its own virtual machine.

• The hardware the application is hosted on does not change.

Which of the following will BEST ensure compliance?

Options:

A.

Containers

B.

A firewall

C.

Affinity rules

D.

Load balancers

Question 43

A cloud administrator is monitoring a database system and notices an unusual increase in the read operations, which is causing a heavy load in the system. The system is using a relational database and is running in a VM. Which of the following should the administrator do to resolve the issue with minimal architectural changes?

Options:

A.

Migrate the relational database to a NoSQL database.

B.

Use a cache system to store reading operations.

C.

Create a secondary standby database instance.

D.

Implement the database system using a DBaaS.

Question 44

A cloud architect is deploying a web application that contains many large images and will be accessed on two continents. Which of the following will MOST improve the user experience while keeping costs low?

Options:

A.

Implement web servers in both continents and set up a VPN between the VPCs.

B.

Implement web servers on both continents and peer the VPCs.

C.

Implement a CDN and offload the images to an object storage.

D.

Implement a replica of the entire solution on every continent.

Question 45

A DevOps administrator is building a new application slack in a private cloud. This application will store sensitive information and be accessible from the internet. Which of the following would be MOST useful in maintaining confidentiality?

Options:

A.

NAC

B.

IDS

C.

DLP

D.

EDR

Question 46

A systems administrator is using a configuration management tool to perform maintenance tasks in a system. The tool is leveraging the target system's API to perform these maintenance tasks. After a number of features and security updates are applied to the target system, the configuration management tool no longer works as expected. Which of the following is the MOST likely cause of the issue?

Options:

A.

The target system's API functionality has been deprecated.

B.

The password for the service account has expired.

C.

The IP addresses of the target system have changed.

D.

The target system has failed after the updates.

Question 47

A company is using a method of tests and upgrades in which a small set of end users are exposed to new services before the majority of other users. Which of the following deployment methods is being used?

Options:

A.

Blue-green

B.

Canary

C.

Big bang

D.

Rolling

Question 48

A cloud administrator is configuring several security appliances hosted in the private laaS environment to forward the logs to a central log aggregation solution using syslog. Which of the following firewall rules should the administrator add to allow the web servers to connect to the central log collector?

Options:

A.

Allow UDP 161 outbound from the web servers to the log collector .

B.

Allow TCP 514 outbound from the web servers to the log collector.

C.

Allow UDP 161 inbound from the log collector to the web servers .

D.

Allow TCP 514 inbound from the log collector to the web servers .

Question 49

An administrator manages a file server that has a lot of users accessing and creating many files. As a result, the storage consumption is growing quickly. Which of the following would BEST control storage usage?

Options:

A.

Compression

B.

File permissions

C.

User quotas

D.

Access policies

Question 50

While investigating network traffic, a cloud administrator discovers the monthly billing has increased substantially. Upon further review, it appears the servers have been compromised, and sensitive files have been exfiltrated. Which of the following can be implemented to maintain data confidentiality?

Options:

A.

Hardening

B.

IAM

C.

Encryption

D.

IPSec

Question 51

After initial stress testing showed that a platform performed well with the specification of a single 32 vCPU node, which of the following will provide the desired service with the LOWEST cost and downtime?

Options:

A.

One 32 vCPU node with CDN caching

B.

Two 8 vCPU nodes with load balancing

C.

Three to six 8 vCPU nodes autoscaling group

D.

Four 8 vCPU nodes with DNS round robin

Question 52

A company has two identical environments (X and Y) running its core business application. As part of an upgrade, the X environment is patched/upgraded and tested while the Y environment is still serving the consumer workloads. Upon successful testing of the X environment, all workload is sent to this environment, and the Y environment is then upgraded before both environments start to manage the workloads. Which of the following upgrade methods is being used?

Options:

A.

Active-passive

B.

Canary

C.

Development/production

D.

Blue-green

Question 53

A systems administrator is planning a penetration test for company resources that are hosted in a public cloud. Which of the following must the systems administrator do FIRST?

Options:

A.

Consult the law for the country where the company’s headquarters is located

B.

Consult the regulatory requirements for the company’s industry

C.

Consult the law for the country where the cloud services provider is located

D.

Consult the cloud services provider's policies and guidelines

Question 54

A company is performing a DR drill and is looking to validate its documentation. Which of the following metrics will determine the service recovery duration?

Options:

A.

MTTF

B.

SLA

C.

RTO

D.

RPO

Question 55

A systems administrator must ensure confidential company information is not leaked to competitors. Which of the following services will BEST accomplish this goal?

Options:

A.

CASB

B.

IDS

C.

FIM

D.

EDR

E.

DLP

Question 56

Over the last couple of years, the growth of a company has required a more complex DNS and DHCP environment. Which of the following should a systems administration team implement as an appropriate solution to simplify management?

Options:

A.

IPAM

B.

DoH

C.

VLAN

D.

SDN

Question 57

A security audit related to confidentiality controls found the following transactions occurring in the system:

GET &user=277

Which of the following solutions will solve the audit finding?

Options:

A.

Using a TLS-protected API endpoint

B.

Implementing a software firewall

C.

Deploying a HIDS on each system

D.

Implementing a Layer 4 load balancer

Question 58

A systems administrator needs to implement a service to protect a web application from external attacks. The administrator must have session-based granular control of all HTTP traffic. Which of the following should the administrator configure?

Options:

A.

IDS

B.

WAF

C.

DLP

D.

NAC

Question 59

A security analyst is investigating incidents in which attackers are able to access sensitive data from a corporate application's database. The attacks occur periodically and usually

after the release of a new application's version. The following log confirms the compromise:

USER: WebApp access—key accepted

WebApp user assumed DBA role

GetData API call executed

The following actions are made after every incident occurrence:

• Validation of firewall rules

• Scripted rebuild of the database and web instances

• Application deployment from a cloud code repository

Which of the following actions will MOST likely prevent future compromises?

Options:

A.

Rotating the account credentials

B.

Migrating the database to be on premises

C.

Forbidding the use of API calls to retrieve data

D.

Implementing a new database service account

Question 60

A company is deploying a public cloud solution for an existing application using lift and shift. The requirements for the applications are scalability and external access. Which of the following should the company implement? (Select TWO).

Options:

A.

A load balancer

B.

SON

C.

A firewall

D.

SR-IOV

E.

Storage replication

F.

A VPN

Question 61

A piece of software applies licensing fees on a socket-based model. Which of the following is the MOST important consideration when attempting to calculate the licensing costs for this software?

Options:

A.

The amount of memory in the server

B.

The number of CPUs in the server

C.

The type of cloud in which the software is deployed

D.

The number of customers who will be using the software

Question 62

A systems administrator is responding to an outage in a cloud environment that was caused by a network-based flooding attack. Which of the following should the administrator configure to mitigate the attack?

Options:

A.

NIPS

B.

Network overlay using GENEVE

C.

DDoS protection

D.

DoH

Question 63

A company with a worldwide presence wants to improve the user experience for its website. Which of the following can a systems administrator implement to improve download speeds and latency for the end users?

Options:

A.

A CDN solution

B.

An MPLS connection between data centers

C.

A DNS round robin

D.

A site-to-site VPN between data centers

Question 64

A systems administrator is working on the backup schedule for a critical business application that is running in a private cloud. Which of the following would help the administrator schedule the frequency of the backup job?

Options:

A.

RPO

B.

MTTR

C.

SLA

D.

RTO

Question 65

A startup online gaming company is designing the optimal graphical user experience for multiplayer scenarios. However, online players have reported latency issues. Which of the following should the company configure as a remediation?

Options:

A.

Additional GPU memory

B.

Faster clock speed

C.

Additional CPU cores

D.

Dynamic allocations

Question 66

A systems administrator is troubleshooting issues with network slowness. Traffic analysis shows that uplink bandwidth on the core switch is often sustained at 125Mbps due to a

combination of production traffic from other sources. Which of the following would BEST resolve the issue?

Options:

A.

Turn off the servers that use the most bandwidth.

B.

Enable QoS to prioritize production traffic.

C.

Increase the buffer size on the core switch.

D.

Reboot the core switch.

Question 67

During a security incident, an laaS compute instance is detected to send traffic to a host related to cryptocurrency mining. The security analyst handling the incident determines the scope of the incident is limited to that particular instance. Which of the following should the security analyst do NEXT?

Options:

A.

Isolate the instance from the network into quarantine.

B.

Perform a memory acquisition in the affected instance.

C.

Create a snapshot of the volumes attached to the instance.

D.

Replace the instance with another from the baseline.

Question 68

A VDI administrator is enhancing the existing environment with a feature to allow users to connect devices to virtual workstations. Which of the following types of devices are most likely to be allowed in the upgrade? (Select two).

Options:

A.

Display monitors

B.

USB devices

C.

SATA devices

D.

PCIe devices

E.

PCI devices

F.

Printers

Question 69

A cloud solutions architect is working on a private cloud environment in which storage consumption is increasing daily, resulting in high costs. Which of the following can the architect use to provide more space without adding more capacity? (Select two).

Options:

A.

Tiering

B.

Deduplication

C.

RAID provisioning

D.

Compression

E.

Flash optimization

F.

NVMe

Question 70

An organization has a web-server farm. Which of the following solutions should be implemented to obtain efficient distribution of requests to theservers?

Options:

A.

A clustered web server infrastructure

B.

A load-balancing appliance

C.

A containerized application

D.

Distribution of web servers across different regions and zones

Question 71

A cloud administrator is reviewing the current private cloud and public laaS environment, and is building an optimization plan. Portability is of great concern for the administrator so resources can be easily moved from one environment to another.

Which of the following should the administrator implement?

Options:

A.

Serverless

B.

CDN

C.

Containers

D.

Deduplication

Question 72

As a result of an IT audit, a customer has decided to move some applications from an old legacy system to a private cloud. The current server location is remote with low bandwidth. Which of the following is the best migration strategy to use for this deployment?

Options:

A.

P2V with physical data transport

B.

P2P with remote data copy

C.

V2V with physical data transport

D.

V2P with physical data transport

E.

V2P with remote data copy

Question 73

A systems administrator deployed a new web application in a public cloud and would like to test it, but the company's network firewall is only allowing outside connections to the cloud provider network using TCP port 22. While waiting for the network administrator to open the required ports, which of the following actions should the systems administrator take to test the new application? (Select two).

Options:

A.

Create an IPSec tunnel.

B.

Create a VPN tunnel.

C.

Open a browser using the default gateway IP address.

D.

Open a browser using the localhost IP address.

E.

Create a GRE tunnel.

F.

Create a SSH tunnel.

Question 74

A cloud security analyst needs to ensure the web servers in the public subnet allow only secure communications and must remediate any possible issue. The stateful configuration for the public web servers is as follows:

Which Of the following actions Should the analyst take to accomplish the Objective?

Options:

A.

Remove rules I, 2. and 5.

B.

Remove rules I, 3, and 4.

C.

Remove rules 2.3. and 4.

D.

Remove rules 3.4. and 5.

Question 75

A systems administrator is tasked with configuring a cloud-based disaster recovery solution. The organization requires that the recovery point objective (RPO) be as low as possible while keeping costs manageable. Which of the following strategies best meets this requirement?

Options:

A.

Incremental backups with snapshots.

B.

Differential backups stored on a warm site.

C.

Replication of critical data to a cold site.

D.

Full backups stored offsite.

Question 76

A systems administrator is trying to connect to a remote KVM host. The command line appears as follows:

After logging in to the remote server, the administrator verifies the daemon is running. Which of the following should the administrator try NEXT?

Options:

A.

Opening port 22 on the firewall

B.

Running the command with elevated privileges

C.

Checking if the SSH password is correct

D.

Ensuring the private key was properly imported

Question 77

A cloud engineer needs to perform a database migration. The database has a restricted SLA and cannot be offline for more than ten minutes per month. The database stores 800GB of data, and the network bandwidth to the CSP is 100MBps Which of the following is the best option to perform the migration?

Options:

A.

Copy the database to an external device and ship the device to the CSP.

B.

Create a replica database, synchronize the data, and switch to the new instance.

C.

Utilize a third-party tool to back up and restore the data to the new database.

D.

Use the database import/export method and copy the exported file.

Question 78

An integration application that communicates between different application and database servers is currently hosted on a physical machine. A P2V migration needs to be done to reduce the hardware footprint. Which of the following should be considered to maintain the same level of network throughput and latency in the virtual server?

Options:

A.

Upgrading the physical server NICs to support 10Gbps

B.

Adding more vCPU

C.

Enabling SR-IOV capability

D.

Increasing the VM swap/paging size

Question 79

A DevOps engineer needs to make application deployments more efficient. The current process to deploy and scale the application is very manual, with hours spent configuring servers from scratch each time. The application has many platform-based dependencies but is highly portable and can run on multiple platforms. Which of the following is most likely to reduce deployment time and improve efficiencies?

Options:

A.

Deploying the application using persistent storage.

B.

Leveraging IaC templates.

C.

Creating a runbook.

D.

Using serverless technology to minimize overheads.

Question 80

A cloud engineer is designing a new cloud environment for an organization that requires resilient connectivity to cloud resources over diverse mediums. Which of the following is the best way to ensure resilient networking?

Options:

A.

Implement an SD-WAN solution with terrestrial, satellite, and cellular technologies.

B.

Install duplicate commercial circuits for active-passive failover.

C.

Obtain backup satellite connections for failover.

D.

Provide 5G cellular backup circuits with multiple carriers.

Question 81

A systems administrator needs to connect the companys network to a public cloud services provider. Which of the following will BEST ensure encryption in transit for data transfers?

Options:

A.

Identity federation

B.

A VPN tunnel

C.

A proxy solution

D.

A web application firewall

Question 82

A company uses multiple SaaS-based cloud applications. All the applications require authentication upon access. An administrator has been asked to address this issue and enhance security. Which of the following technologies would be the BEST solution?

Options:

A.

Single sign-on

B.

Certificate authentication

C.

Federation

D.

Multifactor authentication

Question 83

One of the web applications in a public subnet is vulnerable to a newly discovered zero-day vulnerability. Which of the following actions can a security engineer perform to reduce the risk of exploitation and application downtime?

Options:

A.

Stop the web server in the affected host.

B.

Insert a deny rule in the host firewall.

C.

Add a new signature in the network IDS.

D.

Implement a virtual patch in the WAF.

Question 84

During a security incident on an laaS platform, which of the following actions will a systems administrator most likely take as part of the containment procedure?

Options:

A.

Connect to an instance for triage.

B.

Add a deny rule to the network ACL.

C.

Mirror the traffic to perform a traffic capture.

D.

Perform a memory acquisition.

Question 85

A new development team requires workstations hosted in a PaaS to develop a new website. Members of the team also require remote access to the workstations using their corporate email addresses. Which of the following solutions will BEST meet these requirements? (Select TWO).

Options:

A.

Deploy new virtual machines.

B.

Configure email account replication.

C.

Integrate identity services.

D.

Implement a VDI solution.

E.

Migrate local VHD workstations.

F.

Create a new directory service.

Question 86

A SaaS provider wants to maintain maximum availability for its service. Which of the following should be implemented to attain the maximum SLA?

Options:

A.

A mobile site.

B.

An active-active site.

C.

A warm site.

D.

A cold site.

Question 87

A cloud administrator is choosing a backup schedule for a new application platform that creates many small files. The backup process impacts the performance of the application, and backup times should be minimized during weekdays. Which of the following backup types best meets the weekday requirements?

Options:

A.

Database dump

B.

Differential

C.

Incremental

D.

Full

Question 88

A company that performs passive vulnerability scanning at its transit VPC has detected a vulnerability related to outdated web-server software on one of its public subnets. Which of the following can the company use to verify if this is a true positive with the least effort and cost? (Select two).

Options:

A.

A network-based scan

B.

An agent-based scan

C.

A port scan

D.

A red-team exercise

E.

A credentialed scan

F.

A blue-team exercise

G.

Unknown environment penetration testing

Question 89

A cloud engineer recently used a deployment script template to implement changes on a cloud-hosted web application. The web application communicates with a managed database on the back end. The engineer later notices the web application is no longer receiving data from the managed database. Which of the following is the most likely cause of the issue?

Options:

A.

Misconfiguration in the user permissions

B.

Misconfiguration in the routing traffic

C.

Misconfiguration in the network ACL

D.

Misconfiguration in the firewall

Question 90

A cloud administrator notices an e-commerce website was recently warned that the connection is not private. Which of the following is most likely the cause?

Options:

A.

An expired certificate.

B.

A misconfigured IPS.

C.

A broken trust relationship.

D.

Limited connectivity.

Question 91

An IT administrator is implementing security controls on an OS. Which of the following will provide the best protection against a brute-force attack? (Select two).

Options:

A.

Implementing MFA

B.

Enforcing strong passwords

C.

Configuring user passwords to change every 30 days

D.

Limiting failed log-in requests

E.

Using API keys

F.

Implementing SSH keys

Question 92

A company is using laaS services from two different providers: one for its primary site, and the other for a secondary site. The primary site is completely inaccessible, and the management team has decided to run through the BCP procedures. Which of the following will provide the complete asset information?

Options:

A.

DR replication document

B.

DR playbook

C.

DR policies and procedures document

D.

DR network diagram

Question 93

As a result of an IT audit, a customer has decided to move some applications from an old legacy system to a private cloud. The current server location is remote with low bandwidth. Which of the following is the best migration strategy to use for this deployment?

Options:

A.

P2V with physical data transport.

B.

P2P with remote data copy.

C.

V2V with physical data transport.

D.

V2P with physical data transport.

E.

V2P with remote data copy.

Question 94

An integration application that communicates between different application and database servers is currently hosted on a physical machine. A P2V migration needs to be done to reduce the hardware footprint. Which of the following should be considered to maintain the same level of network throughput and latency in the virtual server?

Options:

A.

Upgrading the physical server NICs to support IOGbps

B.

Adding more vCPU

C.

Enabling SR-IOV capability

D.

Increasing the VM swap/paging size

Question 95

A company's marketing department is running a rendering application on virtual desktops. Currently, the application runs slowly, and it takes a long time to refresh the screen. The virtualization administrator is tasked with resolving this issue. Which of the following is the BEST solution?

Options:

A.

GPU passthrough

B.

Increased memory

C.

Converged infrastructure

D.

An additional CPU core

Question 96

A systems administrator automates a series of tasks in a playbook and receives the following error during testing:

"Unable to find any of pip2, pip to use. pip needs to be installed."

The administrator verifies that pip is installed correctly. Which of the following actions will most likely resolve this issue?

Options:

A.

Ensure pip is up to date.

B.

Create a firewall rule to allow pip.

C.

Refactor the automation code.

D.

Update the system path.

Question 97

A cloud administrator is assessing the scaling of an infrastructure stack. When viewing the configuration, the cloud administrator notices that the servers have a maximum limit of three. Which of the following is a way to increase throughput for the three servers without adjusting the maximum scaling limits?

Options:

A.

Selecting a machine with more resources.

B.

Reducing the size of the image being deployed.

C.

Using faster block storage on the machines.

D.

Increasing the scaling minimum to three.

Question 98

A cloud service provider is designing an online streaming service that requires an uptime of 99.9%. Which of the following will best meet the uptime requirement?

Options:

A.

Adding additional firewalls

B.

Deploying a failover load balancer

C.

Adding multiple DNS records

D.

Deploying a second API gateway

Question 99

After a virtualized host is rebooted, ten guest VMs take a long time to start, and extensive memory utilization is observed. Which of the following should be done to optimize the host?

Options:

A.

Reduce the host memory assignment.

B.

Configure the virtual/swap memory configuration on the guest VMs.

C.

Increase the allocated vCPUs per VM.

D.

Reduce the allocated memory and enable dynamic memory.

Question 100

Based on the shared responsibility model, which of the following solutions passes the responsibility of patching the OS to the customer?

Options:

A.

PaaS

B.

DBaaS

C.

laaS

D.

SaaS

Question 101

An organization is deploying development, quality assurance, and production environments with equal numbers of IP addresses to the cloud. The IP address range provided is 10.168.0.0/24, and it needs to be terminated on a firewall. Which of the following IP subnets and firewall IPS should be used for one of the environments?

Options:

A.

10.168.0.0/26 and 10.168.0.63

B.

10.168.0.64/26 and 10.168.0.64

C.

10.168.0.128/26 and 10.168.0.190

D.

10.168.0.128/26 and 10.168.0.194

E.

10.168.0.192/26 and 10.168.0.191

Question 102

A global web-hosting company is concerned about the availability of its platform during an upcoming event. Web traffic is forecasted to increase substantially during the next week. The site contains mainly static content.

Which of the following solutions will assist with the increased workload?

Options:

A.

DoH

B.

WAF

C.

IPS

D.

CDN

Question 103

A systems administrator is building a new virtualization cluster. The cluster consists of five virtual hosts, which each have flash and spinning disks. This storage is shared among all the virtual hosts, where a virtual machine running on one host may store data on another host.

This is an example of:

Options:

A.

a storage area network

B.

a network file system

C.

hyperconverged storage

D.

thick-provisioned disks

Question 104

A company is switching from one cloud provider to another and needs to complete the migration as quickly as possible.

Which of the following is the MOST important consideration to ensure a seamless migration?

Options:

A.

The cost of the environment

B.

The I/O of the storage

C.

Feature compatibility

D.

Network utilization

Question 105

A company needs to rehost its ERP system to complete a datacenter migration to the public cloud. The company has already migrated other systems and configured VPN connections.

Which of the following MOST likely needs to be analyzed before rehosting the ERP?

Options:

A.

Software

B.

Licensing

C.

Right-sizing

D.

The network

Question 106

A systems administrator is deploying a new storage array for backups. The array provides 1PB of raw disk space and uses 14TB nearline SAS drives. The solution must tolerate at least two failed drives in a single RAID set.

Which of the following RAID levels satisfies this requirement?

Options:

A.

RAID 0

B.

RAID 1

C.

RAID 5

D.

RAID 6

E.

RAID 10

Question 107

Which of the following cloud deployment models allows a company to have full control over its IT infrastructure?

Options:

A.

Private

B.

Cloud within a cloud

C.

Hybrid

D.

Public

Question 108

An organization has multiple VLANs configured to segregate the network traffic. Following is the breakdown of the network segmentation:

    Production traffic (10.10.0.0/24)

    Network backup (10.20.0.0/25)

    Virtual IP network (10.20.0.128/25)

The following configuration exists on the server:

The backup administrator observes that the weekly backup is failing for this server. Which of the following commands should the administrator run to identify the issue?

Options:

A.

ROUTE PRINT

B.

NETSTAT -A

C.

IPCONFIG /ALL

D.

NET SM

Question 109

A developer is no longer able to access a public cloud API deployment, which was working ten minutes prior.

Which of the following is MOST likely the cause?

Options:

A.

API provider rate limiting

B.

Invalid API token

C.

Depleted network bandwidth

D.

Invalid API request

Question 110

An organization is required to set a custom registry key on the guest operating system.

Which of the following should the organization implement to facilitate this requirement?

Options:

A.

A configuration management solution

B.

A log and event monitoring solution

C.

A file integrity check solution

D.

An operating system ACL

Question 111

A systems administrator is troubleshooting performance issues with a Windows VDI environment. Users have reported that VDI performance has been slow since the images were upgraded from Windows 7 to Windows 10.

This VDI environment is used to run simple tasks, such as Microsoft Office. The administrator investigates the virtual machines and finds the following settings:

    4 vCPU

    16GB RAM

    10Gb networking

    256MB frame buffer

Which of the following MOST likely needs to be upgraded?

Options:

A.

vRAM

B.

vCPU

C.

vGPU

D.

vNIC

Question 112

A systems administrator disabled TLS 1.0 and 1.1, as well as RC4, 3DES, and AES-128 ciphers for TLS 1.2, on a web server. A client now reports being unable to access the web server, but the administrator verifies that the server is online, the web service is running, and other users can reach the server as well.

Which of the following should the administrator recommend the user do FIRST?

Options:

A.

Disable antivirus/anti-malware software

B.

Turn off the software firewall

C.

Establish a VPN tunnel between the computer and the web server

D.

Update the web browser to the latest version

Question 113

An organization will be deploying a web application in a public cloud with two web servers, two database servers, and a load balancer that is accessible over a single public IP.

Taking into account the gateway for this subnet and the potential to add two more web servers, which of the following will meet the minimum IP requirement?

Options:

A.

192.168.1.0/26

B.

192.168.1.0/27

C.

192.168.1.0/28

D.

192.168.1.0/29

Question 114

A company just successfully completed a DR test and is ready to shut down its DR site and resume normal operations.

Which of the following actions should the cloud administrator take FIRST?

Options:

A.

Initiate a failover

B.

Restore backups

C.

Configure the network

D.

Perform a failback

Question 115

A systems administrator needs to configure monitoring for a private cloud environment. The administrator has decided to use SNMP for this task.

Which of the following ports should the administrator open on the monitoring server’s firewall?

Options:

A.

53

B.

123

C.

139

D.

161

Question 116

A company has decided to get multiple compliance and security certifications for its public cloud environment. However, the company has few staff members to handle the extra workload, and it has limited knowledge of the current infrastructure.

Which of the following will help the company meet the compliance requirements as quickly as possible?

Options:

A.

DLP

B.

CASB

C.

FIM

D.

NAC

Question 117

A cloud administrator is setting up a DR site on a different zone of the same CSP. The application servers are replicated using the VM replication, and the database replication is set up using log shipping. Upon testing the DR site, the application servers are unable to access the database servers. The administrator has verified the systems are running and are accessible from the CSP portal.

Which of the following should the administrator do to fix this issue?

Options:

A.

Change the database application IP

B.

Create a database cluster between the primary site and the DR site

C.

Update the connection string

D.

Edit the DNS record at the DR site for the application servers

Question 118

An organization is hosting a cloud-based web server infrastructure that provides web-hosting solutions. Sudden continuous bursts of traffic have caused the web servers to saturate CPU and network utilizations.

Which of the following should be implemented to prevent such disruptive traffic from reaching the web servers?

Options:

A.

Solutions to perform NAC and DLP

B.

DDoS protection

C.

QoS on the network

D.

A solution to achieve microsegmentation

Question 119

Company A has acquired Company B and is in the process of integrating their cloud resources. Company B needs access to Company A’s cloud resources while retaining its IAM solution.

Which of the following should be implemented?

Options:

A.

Multifactor authentication

B.

Single sign-on

C.

Identity federation

D.

Directory service

Question 120

A company has deployed a new cloud solution and is required to meet security compliance.

Which of the following will MOST likely be executed in the cloud solution to meet security requirements?

Options:

A.

Performance testing

B.

Regression testing

C.

Vulnerability testing

D.

Usability testing

Question 121

A marketing team is using a SaaS-based service to send emails to large groups of potential customers. The internally managed CRM system is configured to generate a list of target customers automatically on a weekly basis, and then use that list to send emails to each customer as part of a marketing campaign. Last week, the first email campaign sent emails successfully to 3,000 potential customers. This week, the email campaign

attempted to send out 50,000 emails, but only 10,000 were sent.

Which of the following is the MOST likely reason for not sending all the emails?

Options:

A.

API request limit

B.

Incorrect billing account

C.

Misconfigured auto-scaling

D.

Bandwidth limitation

Question 122

A company has a cloud infrastructure service, and the cloud architect needs to set up a DR site.

Which of the following should be configured in between the cloud environment and the DR site?

Options:

A.

Failback

B.

Playbook

C.

Zoning

D.

Replication

Question 123

A cloud administrator is reviewing a new application implementation document. The administrator needs to make sure all the known bugs and fixes are applied, and unwanted ports and services are disabled.

Which of the following techniques would BEST help the administrator assess these business requirements?

Options:

A.

Performance testing

B.

Usability testing

C.

Vulnerability testing

D.

Regression testing

Question 124

The QA team is testing a newly implemented clinical trial management (CTM) SaaS application that uses a business intelligence application for reporting. The UAT users were instructed to use HTTP and HTTPS.

Refer to the application dataflow:

1A – The end user accesses the application through a web browser to enter and view clinical data.

2A – The CTM application server reads/writes data to/from the database server.

1B – The end user accesses the application through a web browser to run reports on clinical data.

2B – The CTM application server makes a SOAP call on a non-privileged port to the BI application server.

3B – The BI application server gets the data from the database server and presents it to the CTM application server.

When UAT users try to access the application using or they get a message stating: “Browser cannot display the webpage.” The QA team has raised a ticket to troubleshoot the issue.

INSTRUCTIONS

You are a cloud engineer who is tasked with reviewing the firewall rules as well as virtual network settings.

You should ensure the firewall rules are allowing only the traffic based on the dataflow.

You have already verified the external DNS resolution and NAT are working.

Verify and appropriately configure the VLAN assignments and ACLs. Drag and drop the appropriate VLANs to each tier from the VLAN Tags table. Click on each Firewall to change ACLs as needed.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Options:

Question 125

A systems administrator is deploying a solution that requires a virtual network in a private cloud environment. The solution design requires the virtual network to transport multiple payload types.

Which of the following network virtualization options would BEST satisfy the requirement?

Options:

A.

VXLAN

B.

STT

C.

NVGRE

D.

GENEVE

Question 126

An IaaS provider has numerous devices and services that are commissioned and decommissioned automatically on an ongoing basis. The cloud administrator needs to implement a solution that will help reduce administrative overhead.

Which of the following will accomplish this task?

Options:

A.

IPAM

B.

NAC

C.

NTP

D.

DNS

Question 127

A cloud administrator needs to implement a mechanism to monitor the expense of the company’s cloud resources.

Which of the following is the BEST option to execute this task with minimal effort?

Options:

A.

Ask the cloud provider to send a daily expense report

B.

Set custom notifications for exceeding budget thresholds

C.

Use the API to collect expense information from cloud resources

D.

Implement a financial tool to monitor cloud resource expenses

Question 128

An organization has the following requirements that need to be met when implementing cloud services:

    SSO to cloud infrastructure

    On-premises directory service

    RBAC for IT staff

Which of the following cloud models would meet these requirements?

Options:

A.

Public

B.

Community

C.

Hybrid

D.

Multitenant

Question 129

A systems administrator is reviewing two CPU models for a cloud deployment. Both CPUs have the same number of cores/threads and run at the same clock speed.

Which of the following will BEST identify the CPU with more computational power?

Options:

A.

Simultaneous multithreading

B.

Bus speed

C.

L3 cache

D.

Instructions per cycle

Question 130

An administrator is performing an in-place upgrade on a quest VM operating system.

Which of the following can be performed as a quick method to roll back to an earlier state, if necessary?

Options:

A.

A configuration file backup

B.

A full backup of the database

C.

A differential backup

D.

A VM-level snapshot

Question 131

An organization has two businesses that are developing different software products. They are using a single cloud provider with multiple IaaS instances. The organization identifies that the tracking of costs for each

business are inaccurate.

Which of the following is the BEST method for resolving this issue?

Options:

A.

Perform segregation of the VLAN and capture egress and ingress values of each network interface

B.

Tag each server with a dedicated cost and sum them based on the businesses

C.

Split the total monthly invoice equally between the businesses

D.

Create a dedicated subscription for the businesses to manage the costs

Question 132

A SaaS provider wants to maintain maximum availability for its service.

Which of the following should be implemented to attain the maximum SLA?

Options:

A.

A hot site

B.

An active-active site

C.

A warm site

D.

A cold site

Question 133

A systems administrator in a large enterprise needs to alter the configuration of one of the finance department’s database servers.

Which of the following should the administrator perform FIRST?

Options:

A.

Capacity planning

B.

Change management

C.

Backups

D.

Patching

Question 134

An organization is hosting a DNS domain with private and public IP ranges.

Which of the following should be implemented to achieve ease of management?

Options:

A.

Network peering

B.

A CDN solution

C.

A SDN solution

D.

An IPAM solution

Question 135

An organization is running a database application on a SATA disk, and a customer is experiencing slow performance most of the time.

Which of the following should be implemented to improve application performance?

Options:

A.

Increase disk capacity

B.

Increase the memory and network bandwidth

C.

Upgrade the application

D.

Upgrade the environment and use SSD drives

Page: 1 / 46
Total 456 questions