New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

CompTIA CV0-004 CompTIA Cloud+ (2024) Exam Practice Test

Demo: 63 questions
Total 213 questions

CompTIA Cloud+ (2024) Questions and Answers

Question 1

A cloud infrastructure administrator updated the IP tables to block incoming connections and outgoing responses to 104.225.110.203. Which of the following vulnerability

management steps is this an example of?

Options:

A.

Scanning scope

B.

Remediation

C.

Identification

D.

Assessment

Question 2

A highly regulated business is required to work remotely, and the risk tolerance is very low. You are tasked with providing an identity solution to the company cloud that includes the following:

  • secure connectivity that minimizes user login
  • tracks user activity and monitors for anomalous activity
  • requires secondary authentication

INSTRUCTIONS

Select controls and servers for the proper control points.

Options:

Question 3

Which of the following do developers use to keep track of changes made during software development projects?

Options:

A.

Code drifting

B.

Code control

C.

Code testing

D.

Code versioning

Question 4

A cloud service provider requires users to migrate to a new type of VM within three months. Which of the following is the best justification for this requirement?

Options:

A.

Security flaws need to be patched.

B.

Updates could affect the current state of the VMs.

C.

The cloud provider will be performing maintenance of the infrastructure.

D.

The equipment is reaching end of life and end of support.

Question 5

A company is required to save historical data for seven years. A cloud administrator implements a script that automatically deletes data older than seven years. Which of the following concepts best describes why the historical data is being deleted?

Options:

A.

End of life

B.

Data loss prevention

C.

Cost implications

D.

Tiered storage for archiving

Question 6

An IT security team wants to ensure that the correct parties are informed when a specific user account is signed in. Which of the following would most likely allow an administrator to address this concern?

Options:

A.

Creating an alert based on user sign-in criteria

B.

Aggregating user sign-in logs from all systems

C.

Enabling the collection of user sign-in logs

D.

Configuring the retention of all sign-in logs

Question 7

A company has developed an online trading platform. The engineering team selected event-based scaling for the platform's underlying resources. The platform resources scale up

with every 2,000 subscribed users. The engineering team finds out that although compute utilization is low, scaling is still occurring. Which of the following statements best explains

why this is the case?

Options:

A.

Event-based scaling does not scale down resources.

B.

Event-based scaling should not be triggered at the 2,000-user frequency.

C.

Event-based scaling should not track user subscriptions.

D.

Event-based scaling does not take resource load into account.

Question 8

Which of the following migration types is best to use when migrating a highly available application, which is normally hosted on a local VM cluster, for usage with an external user population?

Options:

A.

Cloud to on-premises

B.

Cloud to cloud

C.

On-premises to cloud

D.

On-premises to on-premises

Question 9

A systems engineer is migrating a batch of 25 VMs from an on-premises compute cluster to a public cloud using the public cloud's migration agent. The migration job shows data

copies at a rate of 250Mbps. After five servers migrate, the data copies at a rate of 25Mbps. Which of the following should the engineer review first to troubleshoot?

Options:

A.

The on-premises VM host hardware utilization

B.

The on-premises ISP throttling rate

C.

The IOPS on the SAN backing the on-premises cluster

D.

The compute utilization of the VMs being migrated

Question 10

A cloud solutions architect needs to have consistency between production, staging, and development environments. Which of the following options will best achieve this goal?

Options:

A.

Using Terraform templates with environment variables

B.

Using Grafana in each environment

C.

Using the ELK stack in each environment

D.

Using Jenkins agents in different environments

Question 11

A company is developing a new web application that requires a relational database management system with minimal operational overhead. Which of the following should the company choose?

Options:

A.

A database installed on a virtual machine

B.

A managed SQL database on the cloud

C.

A database migration service

D.

A hybrid database setup

Question 12

A cloud consultant needs to modernize a legacy application that can no longer address user demand and is expensive to maintain. Which of the following is the best migration

strategy?

Options:

A.

Retain

B.

Rehost

C.

Refactor

D.

Replatform

Question 13

An IT manager needs to deploy a cloud solution that meets the following requirements:

. Users must use two authentication methods to access resources.

· Each user must have 10GB of storage space by default.

Which of the following combinations should the manager use to provision these requirements?

Options:

A.

OAuth 2.0 and ephemeral storage

B.

OIDC and persistent storage

C.

MFA and storage quotas

D.

SSO and external storage

Question 14

A cloud engineer is troubleshooting an application that consumes multiple third-party REST APIs. The application is randomly expenenang high latency. Which of the following would best help determine the source of the latency?

Options:

A.

Configuring centralized logging to analyze HTTP requests

B.

Running a flow log on the network to analyze the packets

C.

Configuring an API gateway to track all incoming requests

D.

Enabling tracing to detect HTTP response times and codes

Question 15

You are a cloud engineer working for a cloud service provider that is responsible for an

IaaS offering.

Your customer, who creates VMs and manages virtual storage, has noticed I/O bandwidth issues and low IOPS (under 9000).

Your manager wants you to verify the proper storage configuration as dictated by your service level agreement (SLA).

The SLA specifies:

. Each SFP on the hypervisor host must be set to the maximum link speed

allowed by the SAN array. . All SAN array disk groups must be configured in a RAID 5.

. The SAN array must be fully configured for redundant fabric paths. . IOPS should not fall below 14000

INSTRUCTIONS

Click on each service processor to review the displayed information. Then click on the drop-down menus to change the settings of each device as necessary to conform to the SLA requirements.

Options:

Question 16

A security team recently hired multiple interns who all need the same level of access. Which of the following controls should the security team implement to provide access to the

cloud environment with the least amount of overhead?

Options:

A.

MFA

B.

Discretionary access

C.

Local user access

D.

Group-based access control

Question 17

The change control board received a request to approve a configuration change 10 deploy in the cloud production environment. Which of the following should have already been competed?

Options:

A.

Penetration test

B.

End-to-end security testing

C.

Cost benefit analysis

D.

User acceptance testing

Question 18

A cloud engineer is collecting web server application logs to troubleshoot intermittent issues. However, the logs are piling up and causing storage issues. Which of the following log

mechanisms should the cloud engineer implement to address this issue?

Options:

A.

Splicing

B.

Rotation

C.

Sampling

D.

Inspection

Question 19

An organization wants to ensure its data is protected in the event of a natural disaster. To support this effort, the company has rented a colocation space in another part of the

country. Which of the following disaster recovery practices can be used to best protect the data?

Options:

A.

On-site

B.

Replication

C.

Retention

D.

Off-site

Question 20

Which of the following are best practices when working with a source control system? (Select two).

Options:

A.

Merging code often

B.

Pushing code directly to production

C.

Performing code deployment

D.

Maintaining one branch for all features

E.

Committing code often

F.

Initiating a pull request

Question 21

A security engineer recently discovered a vulnerability in the operating system of the company VMs. The operations team reviews the issue and decides all VMs need to be updated

from version 3.4.0 to 3.4.1. Which of the following best describes the type of update that will be applied?

Options:

A.

Consistent

B.

Major

C.

Minor

D.

Ephemeral

Question 22

Which of the following types of storage provides the greatest performance advantage for a traditional relational database?

Options:

A.

File

B.

Object

C.

Block

D.

Ephemeral

Question 23

Which of the following is an auditing procedure that ensures service providers securely manage the data to protect the interests of the organization and the privacy of its clients?

Options:

A.

CIS

B.

ITIL

C.

SOC2

D.

ISO 27001

Question 24

A cloud engineer wants containers to run the latest version of a container base image to reduce the number of vulnerabilities. The applications in use requite Python 3.10 and ate not compatible with any other version. The containers' images are created every time a new version is released from the source image. Given the container Dockerfile below:

Which of the following actions will achieve the objectives with the least effort?

Options:

A.

Perform docker pull before executing docker run.

B.

Execute docker update using a local cron to get the latest container version.

C.

Change the image to use python:latest on the image build process.

D.

Update the Dockerfile to pin the source image version.

Question 25

Which of the following cloud deployment strategies is best for an organization that wants to run open-source workloads with other organizations that are sharing the cost?

Options:

A.

Community

B.

Public

C.

Hybrid

D.

Private

Question 26

Which of the following describes what CRUD is typically used for?

Options:

A.

Relational databases

B.

Time series databases

C.

Graph databases

D.

NoSQL databases

Question 27

A junior cloud administrator was recently promoted to cloud administrator and has been added to the cloud administrator group. The cloud administrator group is the only one that can access the engineering VM. The new administrator unsuccessfully attempts to access the engineering VM. However, the other administrators can access it without issue. Which of the following is the best way to identify the root cause?

Options:

A.

Rebooting the engineering VM

B.

Reviewing the administrator's permissions to access the engineering VM

C.

Allowing connections from 0.0.0.070 to the engineering VM

D.

Performing a packet capture on the engineering VM

Question 28

Which of the following cloud deployment models is the best way to replicate a workload non-disruptively between on-premises servers and a public cloud?

Options:

A.

Public

B.

Community

C.

Private

D.

Hybrid

Question 29

A company wants to build its new platform using a public cloud. The workload requirements include the following:

• Implementation of custom CIS compliance

• Patch for vulnerabilities within 24 hours

• Warrant at least 1,800 IOPS per volume

Which of the following meets the requirements?

Options:

A.

SaaS

B.

laaS

C.

FaaS

D.

PaaS

Question 30

Which of the following storage resources provides higher availability and speed for currently used files?

Options:

A.

Warm/HDD

B.

Cold/SSD

C.

Hot/SSD

D.

Archive/HDD

Question 31

A social networking company operates globally. Some users from Brazil and Argentina are reporting the following error: website address was not found. Which of the following is the most likely cause of this outage?

Options:

A.

Client DNS misconfigutation

B.

Regional DNS provider outage

C.

DNS server misconfiguration

D.

DNS propagation issues

Question 32

A user's assigned cloud credentials are locked, and the user is unable to access the project's application. The cloud administrator reviews the logs and notices several attempts to log in with the user's account were made to a different application after working hours. Which of the following is the best approach for the administrator to troubleshoot this issue?

Options:

A.

Create new credentials for the user and restrict access to the authorized application.

B.

Track the source of the log-in attempts and block the IP address of the source in the WAR

C.

Reset the user's account and implement a stronger lock-out policy.

D.

Install an IDS on the network to monitor suspicious activity

Question 33

A cloud engineer needs to integrate a new payment processor with an existing e-commerce website. Which of the following technologies is the best fit for this integration?

Options:

A.

RPC over SSL

B.

Transactional SQL

C.

REST API over HTTPS

D.

Secure web socket

Question 34

Which of the following best explains the concept of migrating from on premises to the cloud?

Options:

A.

The configuration of a dedicated pipeline to transfer content to a remote location

B.

The creation of virtual instances in an external provider to transfer operations of selected servers into a new. remotely managed environment

C.

The physical transportation, installation, and configuration of company IT equipment in a cloud services provider's facility

D.

The extension of company IT infrastructure to a managed service provider

Question 35

A company hosts various containerized applications for business uses. A client reports that one of its routine business applications fails to load the web-based login prompt hosted in the company cloud.

INSTRUCTIONS

Click on each device and resource. Review the configurations, logs, and characteristics of each node in the architecture to diagnose the issue. Then, make the necessary changes to the WAF configuration to remediate the issue.

Web app 1

Web app 2

Web app 3

Web app 4

Client app

Options:

Question 36

A company's man web application is no longer accessible via the internet. The cloud administrator investigates and discovers the application is accessible locally and only via an IP access. Which of the following was misconfigured?

Options:

A.

IP

B.

DHCP

C.

NAT

D.

DNS

Question 37

A developer is deploying a new version of a containerized application. The DevOps team wants:

• No disruption

• No performance degradation

* Cost-effective deployment

• Minimal deployment time

Which of the following is the best deployment strategy given the requirements?

Options:

A.

Canary

B.

In-place

C.

Blue-green

D.

Rolling

Question 38

A cloud engineer is extending on-premises services to a public cloud. The following design requirements must be considered in the overall solution:

" The ability to remotely connect systems from both environments

• No IP address conflicts or overlap

• Cost-effectiveness

Which of the following cloud network concepts best meets these requirements?

Options:

A.

Dedicated connection

B.

VPN

C.

VLAN

D.

ACL

Question 39

A developer is building an application that has multiple microservices that need to communicate with each other. The developer currently manually updates the IP address of each service. Which of the following best resolves the communication issue and automates the process?

Options:

A.

Service discovery

B.

Fan-out

C.

Managed container services

D.

DNS

Question 40

A cloud engineer is reviewing a disaster recovery plan that includes the following requirements:

• System state, files, and configurations must be backed up on a weekly basis.

• The system state, file, and configuration backups must be tested annually.

Which of the following backup methods should the engineer implement for the first week the plan is executed?

Options:

A.

Differential

B.

Incremental

C.

Snapshot

D.

Full

Question 41

An administrator needs to adhere to the following requirements when moving a customer's data to the cloud:

• The new service must be geographically dispersed.

• The customer should have local access to data

• Legacy applications should be accessible.

Which of the following cloud deployment models is most suitable?

Options:

A.

On-premises

B.

Private

C.

Hybrid

D.

Public

Question 42

A cloud engineer wants to run a script that increases the volume storage size if it is below 100GB. Which of the following should the engineer run?

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 43

A company recently migrated to a public cloud provider. The company's computer incident response team needs to configure native cloud services tor detailed logging. Which of the following should the team implement on each cloud service to support root cause analysis of past events? {Select two).

Options:

A.

Log retention

B.

Tracing

C.

Log aggregation

D.

Log rotation

E.

Hashing

F.

Encryption

Question 44

Between 11:00 a.m. and 1:00 p.m. on workdays, users report that the sales database is either not accessible, sluggish, or difficult to connect to. A cloud administrator discovers that during the impacted time, all hypervisors are at capacity. However, when 70% of the users are using the same database, those issues are not reported. Which of the following is the most likely cause?

Options:

A.

Oversubscription

B.

Resource allocation

C.

Sizing issues

D.

Service quotas

Question 45

An organization needs to retain its data for compliance reasons but only when required. Which of the following would be the most cost-effective type of tiered storage?

Options:

A.

Warm

B.

Hot

C.

Archive

D.

Cold

Question 46

Which of the following requirements are core considerations when migrating a small business's on-premises applications to the cloud? (Select two).

Options:

A.

Availability

B.

Hybrid

C.

Testing

D.

Networking

E.

Compute

F.

Logs

Question 47

A cloud engineer is reviewing the following Dockerfile to deploy a Python web application:

Which of the following changes should the engineer make lo the file to improve container security?

Options:

A.

Add the instruction "JSER nonroot.

B.

Change the version from latest to 3.11.

C.

Remove the EHTRYPOIKT instruction.

D.

Ensure myapp/main.pyls owned by root.

Question 48

A cloud developer needs to update a REST API endpoint to resolve a defect. When too many users attempt to call the API simultaneously, the following message is displayed:

Error: Request Timeout - Please Try Again Later

Which of the following concepts should the developer consider to resolve this error?

Options:

A.

Server patch

B.

TLS encryption

C.

Rate limiting

D.

Permission issues

Question 49

A cloud security analyst is looking for existing security vulnerabilities on software applications. Which of the following describes this vulnerability management phase?

Options:

A.

Analyze

B.

Report

C.

Remediation

D.

identification

Question 50

Which of the following describes the main difference between public and private container repositories?

Options:

A.

Private container repository access requires authorization, while public repository access does not require authorization.

B.

Private container repositories are hidden by default and containers must be directly referenced, while public container repositories allow browsing of container images.

C.

Private container repositories must use proprietary licenses, while public container repositories must have open-source licenses.

D.

Private container repositories are used to obfuscate the content of the Dockerfile, while public container repositories allow for Dockerfile inspection.

Question 51

A company serves customers globally from its website hosted in North America. A cloud engineer recently deployed new instances of the website in the Europe region. Which of the

following is the most likely reason?

Options:

A.

To simplify workflow

B.

To enhance security

C.

To reduce latency

D.

To decrease cost

Question 52

The company's IDS has reported an anomaly. The cloud engineer remotely accesses the cloud instance, runs a command, and receives the following information:

Which of the following is the most likely root cause of this anomaly?

Options:

A.

Privilege escalation

B.

Leaked credentials

C.

Cryptojacking

D.

Defaced website

Question 53

A security engineer Identifies a vulnerability m a containerized application. The vulnerability can be exploited by a privileged process to read tie content of the host's memory. The security engineer reviews the following Dockerfile to determine a solution to mitigate similar exploits:

Which of the following is the best solution to prevent similar exploits by privileged processes?

Options:

A.

Adding the USER myappuserinstruction

B.

Patching the host running the Docker daemon

C.

Changing FROM alpiner3.17 to FROM alpine:latest

D.

Running the container with the ready-only filesystem configuration

Question 54

Which of the following application migration strategies will best suit a customer who wants to move a simple web application from an on-premises server to the cloud?

Options:

A.

Rehost

B.

Rearchitect

C.

Refactor

D.

Retain

Question 55

An organization's critical data was exfiltrated from a computer system in a cyberattack. A cloud analyst wants to identify the root cause and is reviewing the following security logs of

a software web application:

"2021/12/18 09:33:12" "10. 34. 32.18" "104. 224. 123. 119" "POST / login.php?u=administrator&p=or%201%20=1"

"2021/12/18 09:33:13" "10.34. 32.18" "104. 224. 123.119" "POST /login. php?u=administrator&p=%27%0A"

"2021/12/18 09:33:14" "10. 34. 32.18" "104. 224. 123. 119" "POST /login. php?u=administrator&p=%26"

"2021/12/18 09:33:17" "10.34. 32.18" "104. 224. 123.119" "POST / login.php?u=administrator&p=%3B"

"2021/12/18 09:33:12" "10.34. 32. 18" "104. 224. 123. 119" "POST / login. php?u=admin&p=or%201%20=1"

"2021/12/18 09:33:19" "10.34.32.18" "104. 224. 123.119" "POST / login. php?u=admin&p=%27%0A"

"2021/12/18 09:33:21" "10. 34. 32.18" "104.224. 123.119" "POST / login. php?u=admin&p=%26"

"2021/12/18 09:33:23" "10. 34. 32.18" "104. 224. 123.119" "POST / login. php?u=admin&p=%3B"

Which of the following types of attacks occurred?

Options:

A.

SQL injection

B.

Cross-site scripting

C.

Reuse of leaked credentials

D.

Privilege escalation

Question 56

A list of CVEs was identified on a web server. The systems administrator decides to close the ports and disable weak TLS ciphers. Which of the following describes this vulnerability management stage?

Options:

A.

Scanning

B.

Identification

C.

Assessment

D.

Remediation

Question 57

Which of the following communication methods between on-premises and cloud environments would ensure minimal-to-low latency and overhead?

Options:

A.

Site-to-site VPN

B.

Peer-to-peer VPN

C.

Direct connection

D.

peering

Question 58

A cloud engineer has provisioned a VM for a high-frequency trading application. After the VM is put into production, users report high latency in trades. The engineer checks the last six hours of VM metrics and sees the following:

• CPU utilization is between 30% to 60%.

• Networkln is between 50Kbps and 70Kbps.

• NetworkOut is between 3.000Kpbs and 5.000Kbps.

• DiskReadOps is at 30.

• DiskWriteOps is at 70

• Memory utilization is between 50% and 70%.

Which of the following steps should the engineer take next to solve the latency issue?

Options:

A.

Move to a network-optimized instance type as the network throughput is not enough.

B.

Modify the disk IOPS to a higher value as the disk IO is being bottlenecked at 100 IOPS.

C.

Increase the memory of the instance as the high-frequency trading application requires more RAM.

D.

Increase the instance size to allocate more vCPUs as the CPU utilization is very high.

Question 59

An on-premises data center is located in an earthquake-prone location. The workload consists of real-time, online transaction processing. Which ot the following data protection strategies should be used to back up on-premises data to the cloud while also being cost effective?

Options:

A.

Remote replication for failover

B.

A copy that is RAID 1 protected on spinning drives in an on-premises private cloud

C.

A full backup to on-site tape libraries in a private cloud

D.

Air-gapped protection to provide cyber resiliency

Question 60

A cloud administrator shortens the amount of time a backup runs. An executive in the company requires a guarantee that the backups can be restored with no data loss. Which of th€ following backup features should the administrator lest for?

Options:

A.

Encryption

B.

Retention

C.

Schedule

D.

Integrity

Question 61

Which of the following integration systems would best reduce unnecessary network traffic by allowing data to travel bidirectionally and facilitating real-time results for developers who need to display critical information within applications?

Options:

A.

REST API

B.

RPC

C.

GraphQL

D.

Web sockets

Question 62

Which of the following is the most cost-effective and efficient strategy when migrating to the cloud?

Options:

A.

Retire

B.

Replatform

C.

Retain

D.

Refactor

Question 63

A developer is testing code that will be used to deploy a web farm in a public cloud. The main code block is a function to create a load balancer and a loop to create 1.000 web servers, as shown below:

The developer runs the code against the company's cloud account and observes that the load balancer is successfully created, but only 100 web servers have been created. Which of the following should the developer do to fix this issue?

Options:

A.

Request an increase of Instance quota.

B.

Run the code multiple times until all servers are created.

C.

Check the my_web_server () function to ensure it is using the right credentials.

D.

Place the my_load_balancer () function after the loop.

Demo: 63 questions
Total 213 questions