New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70special

CompTIA CV0-004 CompTIA Cloud+ (2024) Exam Practice Test

Page: 1 / 21
Total 213 questions

CompTIA Cloud+ (2024) Questions and Answers

Testing Engine

  • Product Type: Testing Engine
$37.5  $124.99

PDF Study Guide

  • Product Type: PDF Study Guide
$33  $109.99
Question 1

A customer relationship management application, which is hosted in a public cloud laaS network, is vulnerable to a remote command execution vulnerability. Which of the following is

the best solution for the security engineer to implement to prevent the application from being exploited by basic attacks?

Options:

A.

IPS

B.

ACL

C.

DLP

D.

WAF

Question 2

A cloud service provider requires users to migrate to a new type of VM within three months. Which of the following is the best justification for this requirement?

Options:

A.

Security flaws need to be patched.

B.

Updates could affect the current state of the VMs.

C.

The cloud provider will be performing maintenance of the infrastructure.

D.

The equipment is reaching end of life and end of support.

Question 3

A cloud engineer needs to deploy a new version of a web application to 100 servers. In the past, new version deployments have caused outages. Which of the following deployment types should the cloud engineer implement to prevent the outages from happening this time?

Options:

A.

Rolling

B.

Blue-green

C.

Canary

D.

Round-robin

Question 4

A cloud engineer wants to deploy a new application to the cloud and is writing the following script:

Which of the following actions will this script perform?

Options:

A.

Upload a new VM image.

B.

Create a new cloud resource.

C.

Build a local server.

D.

Import a cloud module.

Question 5

A cloud engineer needs to integrate a new payment processor with an existing e-commerce website. Which of the following technologies is the best fit for this integration?

Options:

A.

RPC over SSL

B.

Transactional SQL

C.

REST API over HTTPS

D.

Secure web socket

Question 6

Which of the following is an auditing procedure that ensures service providers securely manage the data to protect the interests of the organization and the privacy of its clients?

Options:

A.

CIS

B.

ITIL

C.

SOC2

D.

ISO 27001

Question 7

Which of the following is used to detect signals and measure physical properties, such as the temperature of the human body?

Options:

A.

Beacon

B.

Transmission protocols

C.

Sensors

D.

Gateways

Question 8

A developer is deploying a new version of a containerized application. The DevOps team wants:

• No disruption

• No performance degradation

* Cost-effective deployment

• Minimal deployment time

Which of the following is the best deployment strategy given the requirements?

Options:

A.

Canary

B.

In-place

C.

Blue-green

D.

Rolling

Question 9

A cloud engineer wants to implement a monitoring solution to detect cryptojacking and other cryptomining malware on cloud instances. Which of the following metrics would most likely be used to identify the activity?

Options:

A.

Disk I/O

B.

Network packets

C.

Average memory utilization

D.

Percent of CPU utilization

Question 10

A cloud engineer needs to migrate an application from on premises to a public cloud. Due to timing constraints, the application cannot be changed prior to migration. Which of the

following migration strategies is best approach for this use case?

Options:

A.

Retire

B.

Rearchitect

C.

Refactor

D.

Rehost

Question 11

Which of the following industry standards mentions that credit card data must not be exchanged or stored in cleartext?

Options:

A.

CSA

B.

GDPR

C.

SOC2

D.

PCI-DSS

Question 12

A software engineer needs to transfer data over the internet using programmatic access while also being able to query the data. Which of the following will best help the engineer to complete this task?

Options:

A.

SQL

B.

Web sockets

C.

RPC

D.

GraphQL

Question 13

A company that has several branches worldwide needs to facilitate full access to a specific cloud resource to a branch in Spain. Other branches will have only read access. Which of

the following is the best way to grant access to the branch in Spain?

Options:

A.

Set up MFA for the users working at the branch.

B.

Create a network security group with required permissions for users in Spain.

C.

Apply a rule on the WAF to allow only users in Spain access to the resource.

D.

Implement an IPS/IDS to detect unauthorized users.

Question 14

A cloud engineer is in charge of deploying a platform in an laaS public cloud. The application tracks the state using session cookies, and there are no affinity restrictions. Which of

the following will help the engineer reduce monthly expenses and allow the application to provide the service?

Options:

A.

Resource metering

B.

Reserved resources

C.

Dedicated host

D.

Pay-as-you-go model

Question 15

Which of the following application migration strategies will best suit a customer who wants to move a simple web application from an on-premises server to the cloud?

Options:

A.

Rehost

B.

Rearchitect

C.

Refactor

D.

Retain

Question 16

Which of the following best explains the concept of migrating from on premises to the cloud?

Options:

A.

The configuration of a dedicated pipeline to transfer content to a remote location

B.

The creation of virtual instances in an external provider to transfer operations of selected servers into a new. remotely managed environment

C.

The physical transportation, installation, and configuration of company IT equipment in a cloud services provider's facility

D.

The extension of company IT infrastructure to a managed service provider

Question 17

A cloud administrator shortens the amount of time a backup runs. An executive in the company requires a guarantee that the backups can be restored with no data loss. Which of th€ following backup features should the administrator lest for?

Options:

A.

Encryption

B.

Retention

C.

Schedule

D.

Integrity

Question 18

A cloud engineer needs to determine a scaling approach for a payroll-processing solution that runs on a biweekly basis. Given the complexity of the process, the deployment to each

new VM takes about 25 minutes to get ready. Which of the following would be the best strategy?

Options:

A.

Horizontal

B.

Scheduled

C.

Trending

D.

Event

Question 19

A cloud engineer wants to run a script that increases the volume storage size if it is below 100GB. Which of the following should the engineer run?

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 20

A cloud developer needs to update a REST API endpoint to resolve a defect. When too many users attempt to call the API simultaneously, the following message is displayed:

Error: Request Timeout - Please Try Again Later

Which of the following concepts should the developer consider to resolve this error?

Options:

A.

Server patch

B.

TLS encryption

C.

Rate limiting

D.

Permission issues

Question 21

A company operates a website that allows customers to upload, share, and retain tull ownership of their photographs. Which of the following could affect image ownership as the website usage expands globally?

Options:

A.

Sovereignty

B.

Data classification

C.

Litigation holds

D.

Retention

Question 22

A cloud engineer is reviewing the following Dockerfile to deploy a Python web application:

Which of the following changes should the engineer make lo the file to improve container security?

Options:

A.

Add the instruction "JSER nonroot.

B.

Change the version from latest to 3.11.

C.

Remove the EHTRYPOIKT instruction.

D.

Ensure myapp/main.pyls owned by root.

Question 23

A systems administrator is provisioning VMs according to the following requirements:

· A VM instance needs to be present in at least two data centers.

. During replication, the application hosted on the VM tolerates a maximum latency of one second.

· When a VM is unavailable, failover must be immediate.

Which of the following replication methods will best meet these requirements?

Options:

A.

Snapshot

B.

Transactional

C.

Live

D.

Point-in-time

Question 24

A cloud engineer is reviewing a disaster recovery plan that includes the following requirements:

• System state, files, and configurations must be backed up on a weekly basis.

• The system state, file, and configuration backups must be tested annually.

Which of the following backup methods should the engineer implement for the first week the plan is executed?

Options:

A.

Differential

B.

Incremental

C.

Snapshot

D.

Full

Question 25

A group of cloud administrators frequently uses the same deployment template to recreate a cloud-based development environment. The administrators are unable to go back and

review the history of changes they have made to the template. Which of the following cloud resource deployment concepts should the administrator start using?

Options:

A.

Drift detection

B.

Repeatability

C.

Documentation

D.

Versioning

Question 26

A software engineer at a cybersecurity company wants to access the cloud environment. Per company policy, the cloud environment should not be directly accessible via the internet. Which of the following options best describes how the software engineer can access the cloud resources?

Options:

A.

SSH

B.

Bastion host

C.

Token-based access

D.

Web portal

Question 27

A company has developed an online trading platform. The engineering team selected event-based scaling for the platform's underlying resources. The platform resources scale up

with every 2,000 subscribed users. The engineering team finds out that although compute utilization is low, scaling is still occurring. Which of the following statements best explains

why this is the case?

Options:

A.

Event-based scaling does not scale down resources.

B.

Event-based scaling should not be triggered at the 2,000-user frequency.

C.

Event-based scaling should not track user subscriptions.

D.

Event-based scaling does not take resource load into account.

Question 28

An administrator needs to adhere to the following requirements when moving a customer's data to the cloud:

• The new service must be geographically dispersed.

• The customer should have local access to data

• Legacy applications should be accessible.

Which of the following cloud deployment models is most suitable?

Options:

A.

On-premises

B.

Private

C.

Hybrid

D.

Public

Question 29

Users have been reporting that a remotely hosted application is not accessible following a recent migration. However, the cloud administrator is able to access the application from

the same site as the users. Which of the following should the administrator update?

Options:

A.

Cipher suite

B.

Network ACL

C.

Routing table

D.

Permissions

Question 30

A systems administrator needs to configure backups for the company's on-premises VM cluster. The storage used for backups will be constrained on free space until the company

can implement cloud backups. Which of the following backup types will save the most space, assuming the frequency of backups is kept the same?

Options:

A.

Snapshot

B.

Ful

C.

Differential

D.

Incremental

Question 31

A cloud engineer is troubleshooting a connectivity issue. The application server with IP 192.168.1.10 in one subnet is not connecting to the MySQL database server with IP 192.168.2 20 in a different subnet. The cloud engineer reviews the following information:

Application Server Stateful Firewall

Which of the following should the cloud engineer address lo fix the communication issue?

Options:

A.

The Application Server Stateful Firewall

B.

The Application Server Subnet Routing Table

C.

The MySQL Server Stateful Firewall

D.

The MySQL Server Subnet Routing Table

Question 32

A cloud security analyst is investigating the impact of a recent cyberattack. The analyst is reviewing the following information:

Web server access log:

104.210.233.225 - - [21/10/2022:11:17: 40] "POST /uploadfile.html?f=myfile.php" 200 1638674

45.32.10.66 - - [21/10/2022:11:19:12] "GET /welcome.html" 200 5812

104.210.233.225 - - [21/10/2022:11:21:19] "GET / .. / .. / .. / .. /conf/server.xml HTTP/1.1" 200 74458

45.32.10.66 - - [21/10/22:11:22:32] "GET /admin.html HTTP/1.1" 200 9518

Web application firewall log:

"2022/10/21 11:17:33" "10.25.2.35" "104. 210.233.225" "userl" "File transfer completed successfully."

"2022/10/21 11:21:05" "10. 25.2. 35" "104. 210.233.225" "userl" "Accessed application page."

"2022/10/21 11:22:13" "10.25.2.35" "45. 32. 10. 66" "user2" "Accessing admin page. "

Which of the following has occurred?

Options:

A.

The corporate administration page was defaced by the attacker.

B.

A denial-of-service attack was successfully performed on the web server.

C.

A new user was created on the web server by the attacker.

D.

Sensitive information from the corporate web server was leaked.

Question 33

Which of the following will best reduce the cost of running workloads while maintaining the same performance? (Select two).

Options:

A.

Instance size

B.

Tagging

C.

Reserved resources model

D.

Spot instance model

E.

Pay-as-you-go model

F.

Dedicated host model

Question 34

Which of the following cloud deployment strategies is best for an organization that wants to run open-source workloads with other organizations that are sharing the cost?

Options:

A.

Community

B.

Public

C.

Hybrid

D.

Private

Question 35

Which of the following container storage types loses data after a restart?

Options:

A.

Object

B.

Persistent volume

C.

Ephemeral

D.

Block

Question 36

An e-commerce store is preparing for an annual holiday sale. Previously, this sale has increased the number of transactions between two and ten times the normal level of

transactions. A cloud administrator wants to implement a process to scale the web server seamlessly. The goal is to automate changes only when necessary and with minimal cost.

Which of the following scaling approaches should the administrator use?

Options:

A.

Scale horizontally with additional web servers to provide redundancy.

B.

Allow the load to trigger adjustments to the resources.

C.

When traffic increases, adjust the resources using the cloud portal.

D.

Schedule the environment to scale resources before the sale begins.

Question 37

A cloud deployment uses three different VPCs. The subnets on each VPC need to communicate with the others over private channels. Which of the following will achieve this objective?

Options:

A.

Deploying a load balancer to send traffic to the private IP addresses

B.

Creating peering connections between all VPCs

C.

Adding BGP routes using the VPCs' private IP addresses

D.

Establishing identical routing tables on all VPCs

Question 38

An e-commerce company is migrating from an on-premises private cloud environment to

a public cloud IaaS environment. You are tasked with right-sizing the environment to

save costs after the migration. The company's requirements are to provide a 20% overhead above the average resource consumption, rounded up.

INSTRUCTIONS

Review the specifications and graphs showing resource usage for the web and database servers. Determine the average resource usage and select the correct specifications from the available drop-down options.

Options:

Question 39

A list of CVEs was identified on a web server. The systems administrator decides to close the ports and disable weak TLS ciphers. Which of the following describes this vulnerability management stage?

Options:

A.

Scanning

B.

Identification

C.

Assessment

D.

Remediation

Question 40

A highly regulated business is required to work remotely, and the risk tolerance is very low. You are tasked with providing an identity solution to the company cloud that includes the following:

  • secure connectivity that minimizes user login
  • tracks user activity and monitors for anomalous activity
  • requires secondary authentication

INSTRUCTIONS

Select controls and servers for the proper control points.

Options:

Question 41

A cloud engineer hardened the WAF for a company that operates exclusively in North America. The engineer did not make changes to any ports, and all protected applications have

continued to function as expected. Which of the following configuration changes did the engineer most likely apply?

Options:

A.

The engineer implemented MFA to access the WAF configurations.

B.

The engineer blocked all traffic originating outside the region.

C.

The engineer installed the latest security patches on the WAF.

D.

The engineer completed an upgrade from TLS version 1.1 to version 1.3.

Question 42

A cloud engineer wants to implement a disaster recovery strategy that:

. Is cost-effective.

. Reduces the amount of data loss in case of a disaster.

. Enables recovery with the least amount of downtime.

Which of the following disaster recovery strategies best describes what the cloud engineer wants to achieve?

Options:

A.

Cold site

B.

Off site

C.

Warm site

D.

Hot site

Question 43

A developer is testing code that will be used to deploy a web farm in a public cloud. The main code block is a function to create a load balancer and a loop to create 1.000 web servers, as shown below:

The developer runs the code against the company's cloud account and observes that the load balancer is successfully created, but only 100 web servers have been created. Which of the following should the developer do to fix this issue?

Options:

A.

Request an increase of Instance quota.

B.

Run the code multiple times until all servers are created.

C.

Check the my_web_server () function to ensure it is using the right credentials.

D.

Place the my_load_balancer () function after the loop.

Question 44

Which of the following is used to deliver code quickly and efficiently across the development, test, and production environments?

Options:

A.

Snapshot

B.

Container image

C.

Serverless function

D.

VM template

Question 45

A cloud administrator needs to collect process-level, memory-usage tracking for the virtual machines that are part of an autoscaling group. Which of the following is the best way to

accomplish the goal by using cloud-native monitoring services?

Options:

A.

Configuring page file/swap metrics

B.

Deploying the cloud-monitoring agent software

C.

Scheduling a script to collect the data

D.

Enabling memory monitoring in the VM configuration

Question 46

A cloud administrator is building a company-standard VM image, which will be based on a public image. Which of the following should the administrator implement to secure the image?

Options:

A.

ACLs

B.

Least privilege

C.

Hardening

D.

Vulnerability scanning

Question 47

Which of the following integration systems would best reduce unnecessary network traffic by allowing data to travel bidirectionally and facilitating real-time results for developers who need to display critical information within applications?

Options:

A.

REST API

B.

RPC

C.

GraphQL

D.

Web sockets

Question 48

A company has ten cloud engineers working on different manual following is the best method to address this issue?

Options:

A.

Deployment documentation

B.

Service logging

C.

Configuration as code

D.

Change ticketing

Question 49

Users report being unable to access an application that uses TLS 1.1. The users are able to access other applications on the internet. Which of the following is the most likely

reason for this issue?

Options:

A.

The security team modified user permissions.

B.

Changes were made on the web server to address vulnerabilities.

C.

Privileged access was implemented.

D.

The firewall was modified.

Question 50

An on-premises data center is located in an earthquake-prone location. The workload consists of real-time, online transaction processing. Which ot the following data protection strategies should be used to back up on-premises data to the cloud while also being cost effective?

Options:

A.

Remote replication for failover

B.

A copy that is RAID 1 protected on spinning drives in an on-premises private cloud

C.

A full backup to on-site tape libraries in a private cloud

D.

Air-gapped protection to provide cyber resiliency

Question 51

A company is developing a new web application that requires a relational database management system with minimal operational overhead. Which of the following should the company choose?

Options:

A.

A database installed on a virtual machine

B.

A managed SQL database on the cloud

C.

A database migration service

D.

A hybrid database setup

Question 52

A company wants to create a few additional VDIs so support vendors and contractors have a secure method to access the company's cloud environment. When a cloud

administrator attempts to create the additional instances in the new locations, the operation is successful in some locations but fails in others. Which of the following is the

most likely reason for this failure?

Options:

A.

Partial service outages

B.

Regional service availability

C.

Service quotas

D.

Deprecation of functionality

Question 53

A banking firm's cloud server will be decommissioned after a successful proof of concept using mirrored data. Which of the following is the best action to take regarding the storage used on the decommissioned server?

Options:

A.

Keep it temporarily.

B.

Archive it.

C.

Delete it.

D.

Retain it permanently

Question 54

An administrator is setting up a cloud backup solution that requires the following features:

• Cost effective

• Granular recovery

• Multilocation

Which of the following backup types best meets these requirements?

Options:

A.

Off-site, full, incremental, and differential

B.

Cloud site, full, and differential

C.

On-site. full, and incremental

D.

On-site. full, and differential

Question 55

Following a ransomware attack, the legal department at a company instructs the IT administrator to store the data from the affected virtual machines for a minimum of one year.

Which of the following is this an example of?

Options:

A.

Recoverability

B.

Retention

C.

Encryption

D.

Integrity

Question 56

Once a change has been made to templates, which of the following commands should a cloud architect use next to deploy an laaS platform?

Options:

A.

git pull

B.

git fetch

C.

git commit

D.

git push

Question 57

Which of the following compute resources is the most optimal for running a single scripted task on a schedule?

Options:

A.

Bare-metal server

B.

Managed container

C.

Virtual machine

D.

Serverless function

Question 58

A company receives files daily from a bank. The company requires that the files must be copied from the cloud storage resource to another cloud storage resource for further

processing. Which of the following methods requires the least amount of effort to achieve the task?

Options:

A.

Remote procedure call

B.

SOAP

C.

Event-driven architecture

D.

REST

Question 59

A company uses containers stored in Docker Hub to deploy workloads (or its laaS infrastructure. The development team releases changes to the containers several times per hour. Which of the following should a cloud engineer do to prevent the proprietary code from being exposed to third parties?

Options:

A.

Use laC to deploy the laaS infrastructure.

B.

Convert the containers to VMs.

C.

Deploy the containers over SSH.

D.

Use private repositories for the containers.

Question 60

A developer at a small startup company deployed some code for a new feature to its public repository. A few days later, a data breach occurred. A security team investigated the

incident and found that the database was hacked. Which of the following is the most likely cause of this breach?

Options:

A.

Database core dump

B.

Hard-coded credentials

C.

Compromised deployment agent

D.

Unpatched web servers

Question 61

A company wants to combine solutions in a central and scalable environment to achieve the following goals:

• Control

• Visibility

• Automation

• Cost efficiency

Which of the following best describes what the company should implement?

Options:

A.

Batch processing

B.

Workload orchestration

C.

Containerization

D.

Application modernization

Question 62

A customer is migrating applications to the cloud and wants to grant authorization based on the classification levels of each system. Which of the following should the customer implement to ensure authorisation to systems is granted when the user and system classification properties match? (Select two).

Options:

A.

Resource tagging

B.

Discretionary access control

C.

Multifactor authentication

D.

Role-based access control

E.

Token-based authentication

F.

Bastion host

Question 63

The change control board received a request to approve a configuration change 10 deploy in the cloud production environment. Which of the following should have already been competed?

Options:

A.

Penetration test

B.

End-to-end security testing

C.

Cost benefit analysis

D.

User acceptance testing

Page: 1 / 21
Total 213 questions