CV0-003: CompTIA Cloud+ Topic 2
Question #: 51
Topic #: 1
An organization requires the following to be achieved between the finance and marketing departments:
✑ Allow HTTPS/HTTP.
✑ Disable FTP and SMB traffic.
Which of the following is the MOST suitable method to meet the requirements?
A. Implement an ADC solution to load balance the VLAN traffic.
B. Configure an ACL between the VLANs.
C. Implement 802.1X in these VLANs.
D. Configure on-demand routing between the VLANs.
Selected Answer: B
Question #: 52
Topic #: 1
A company wants to check its infrastructure and application for security issues regularly. Which of the following should the company implement?
A. Performance testing
B. Penetration testing
C. Vulnerability testing
D. Regression testing
Selected Answer: C
Question #: 53
Topic #: 1
A systems administrator is analyzing a report of slow performance in a cloud application. This application is working behind a network load balancer with two VMs, and each VM has its own digital certificate configured. Currently, each VM is consuming 85% CPU on average. Due to cost restrictions, the administrator cannot scale vertically or horizontally in the environment. Which of the following actions should the administrator take to decrease the CPU utilization? (Choose two.)
A. Configure the communication between the load balancer and the VMs to use a VPN.
B. Move the digital certificate to the load balancer.
C. Configure the communication between the load balancer and the VMs to use HTTP.
D. Reissue digital certificates on the VMs.
E. Configure the communication between the load balancer and the VMs to use HTTPS.
F. Keep the digital certificates on the VMs.
Selected Answer: BE
Question #: 54
Topic #: 1
A private IaaS administrator is receiving reports that all newly provisioned Linux VMs are running an earlier version of the OS than they should be. The administrator reviews the automation scripts to troubleshoot the issue and determines the scripts ran successfully. Which of the following is the MOST likely cause of the issue?
A. API version incompatibility
B. Misconfigured script account
C. Wrong template selection
D. Incorrect provisioning script indentation
Selected Answer: C
Question #: 55
Topic #: 1
A cloud administrator is reviewing a new application implementation document. The administrator needs to make sure all the known bugs and fixes are applied, and unwanted ports and services are disabled. Which of the following techniques would BEST help the administrator assess these business requirements?
A. Performance testing
B. Usability testing
C. Vulnerability testing
D. Regression testing
Selected Answer: C
Question #: 56
Topic #: 1
A DevOps administrator is automating an existing software development workflow. The administrator wants to ensure that prior to any new code going into production, tests confirm the new code does not negatively impact existing automation activities. Which of the following testing techniques would be BEST to use?
A. Usability testing
B. Regression testing
C. Vulnerability testing
D. Penetration testing
Selected Answer: B
Question #: 57
Topic #: 1
Some VMs that are hosted on a dedicated host server have each been allocated with 32GB of memory. Some of VMs are not utilizing more than 30% of the allocation. Which of the following should be enabled to optimize the memory utilization?
A. Auto-scaling of compute
B. Oversubscription
C. Dynamic memory allocations on guests
D. Affinity rules in the hypervisor
Selected Answer: C
Question #: 58
Topic #: 1
A systems administrator would like to reduce the network delay between two servers. Which of the following will reduce the network delay without taxing other system resources?
A. Decrease the MTU size on both servers.
B. Adjust the CPU resources on both servers.
C. Enable compression between the servers.
D. Configure a VPN tunnel between the servers.
Selected Answer: A
Question #: 59
Topic #: 1
An SQL injection vulnerability was reported on a web application, and the cloud platform team needs to mitigate the vulnerability while it is corrected by the development team. Which of the following controls will BEST mitigate the risk of exploitation?
A. DLP
B. HIDS
C. NAC
D. WAF
Selected Answer: B
Question #: 60
Topic #: 1
To save on licensing costs, the on-premises, IaaS-hosted databases need to be migrated to a public DBaaS solution. Which of the following would be the BEST technique?
A. Live migration
B. Physical-to-virtual
C. Storage-level mirroring
D. Database replication
Selected Answer: D
Question #: 61
Topic #: 1
A systems administrator swapped a failed hard drive on a server with a RAID 5 array. During the RAID resynchronization, a second hard drive failed. Which of the following actions will make the server fully operational?
A. Restart the RAID resynchronization process.
B. Perform a P2V migration of the server.
C. Swap the failed hard drive with a fresh one.
D. Restore the server from backup.
Selected Answer: D
Question #: 62
Topic #: 1
A cloud administrator recently deployed an update to the network drivers of several servers. Following the update, one of the servers no longer responds to remote login requests. The cloud administrator investigates the issue and gathers the following information:
✑ The cloud management console shows the VM is running and the CPU and memory utilization is at or near 0%.
✑ The cloud management console does not show an IP address for that server.
✑ A DNS lookup shows the hostname resolves to an IP address.
✑ The server is a member of the same security group as the others.
✑ The cloud administrator is able to log in remotely to the other servers without issue.
Which of the following is the MOST likely cause of the server being unavailable?
A. The network driver updates did not apply successfully, and the interface is in a down state.
B. The ACL policy for the server was updated as part of the server reboot, preventing login access.
C. The server was assigned a new IP address, and DNS entry for the server name was not updated.
D. The update caused an increase in the output to the logs, and the server is too busy to respond.
Selected Answer: A
Question #: 63
Topic #: 1
A company is planning to migrate applications to a public cloud, and the Chief Information Officer (CIO) would like to know the cost per business unit for the applications in the cloud. Before the migration, which of the following should the administrator implement FIRST to assist with reporting the cost for each business unit?
A. An SLA report
B. Tagging
C. Quotas
D. Showback
Selected Answer: B
Question #: 64
Topic #: 1
A cloud administrator would like to deploy a cloud solution to its provider using automation techniques. Which of the following must be used? (Choose two.)
A. Auto-scaling
B. Tagging
C. Playbook
D. Templates
E. Containers
F. Serverless
Selected Answer: CD
Question #: 65
Topic #: 1
A systems administrator needs to configure monitoring for a private cloud environment. The administrator has decided to use SNMP for this task. Which of the following ports should the administrator open on the monitoring server’s firewall?
A. 53
B. 123
C. 139
D. 161
Selected Answer: D
Question #: 66
Topic #: 1
A cloud administrator is switching hosting companies and using the same script that was previously used to deploy VMs in the new cloud. The script is returning errors that the command was not found. Which of the following is the MOST likely cause of the script failure?
A. Account mismatches
B. IP address changes
C. API version incompatibility
D. Server name changes
Selected Answer: C
Question #: 67
Topic #: 1
A systems administrator is configuring network management but is concerned about confidentiality. Which of the following should the administrator configure to address this concern?
A. SNMPv3
B. Community strings
C. IPSec tunnels
D. ACLs
Selected Answer: A
Question #: 68
Topic #: 1
Which of the following will provide a systems administrator with the MOST information about potential attacks on a cloud IaaS instance?
A. Network flows
B. FIM
C. Software firewall
D. HIDS
Selected Answer: D
Question #: 69
Topic #: 1
A cloud administrator is designing a multiregion network within an IaaS provider. The business requirements for configuring the network are as follows:
✑ Use private networking in and between the multisites for data replication.
✑ Use low latency to avoid performance issues.
Which of the following solutions should the network administrator use within the IaaS provider to connect multiregions?
A. Peering
B. Gateways
C. VPN
D. Hub and spoke
Selected Answer: D
Question #: 70
Topic #: 1
An organization is hosting a cloud-based web server infrastructure that provides web-hosting solutions. Sudden continuous bursts of traffic have caused the web servers to saturate CPU and network utilizations. Which of the following should be implemented to prevent such disruptive traffic from reaching the web servers?
A. Solutions to perform NAC and DLP
B. DDoS protection
C. QoS on the network
D. A solution to achieve microsegmentation
Selected Answer: C
Question #: 71
Topic #: 1
A systems administrator needs to configure a set of policies to protect the data to comply with mandatory regulations. Which of the following should the administrator implement to ensure DLP efficiency prevents the exposure of sensitive data in a cloud environment?
A. Integrity
B. Versioning
C. Classification
D. Segmentation
Selected Answer: C
Question #: 72
Topic #: 1
Users of an enterprise application, which is configured to use SSO, are experiencing slow connection times. Which of the following should be done to troubleshoot the issue?
A. ג€¢ Perform a memory dump of the OS. ג€¢ Analyze the memory dump. ג€¢ Upgrade the host CPU to a higher clock speed CPU.
B. ג€¢ Perform a packet capture during authentication. ג€¢ Validate the load-balancing configuration. ג€¢ Analyze the network throughput of the load balancer.
C. ג€¢ Analyze the storage system IOPS. ג€¢ Increase the storage system capacity. ג€¢ Replace the storage system disks to SSD.
D. ג€¢ Evaluate the OS ACLs. ג€¢ Upgrade the router firmware. ג€¢ Increase the memory on the router.
Selected Answer: B
Question #: 73
Topic #: 1
A systems administrator recently upgraded the processors in a web application host. Upon the next login, the administrator sees a new alert regarding the license being out of compliance. Which of the following licensing models is the application MOST likely using?
A. Per device
B. Per user
C. Core-based
D. Volume-based
Selected Answer: C
Question #: 74
Topic #: 1
A company is currently running a website on site. However, because of a business requirement to reduce current RTO from 12 hours to one hour, and the RPO from one day to eight hours, the company is considering operating in a hybrid environment. The website uses mostly static files and a small relational database.
Which of the following should the cloud architect implement to achieve the objective at the LOWEST cost possible?
A. Implement a load-balanced environment in the cloud that is equivalent to the current on-premises setup and use DNS to shift the load from on premises to cloud.
B. Implement backups to cloud storage and infrastructure as code to provision the environment automatically when the on-premises site is down. Restore the data from the backups.
C. Implement a website replica in the cloud with auto-scaling using the smallest possible footprint. Use DNS to shift the load from on premises to the cloud.
D. Implement a CDN that caches all requests with a higher TTL and deploy the IaaS instances manually in case of disaster. Upload the backup on demand to the cloud to restore on the new instances.
Selected Answer: B
Question #: 75
Topic #: 1
After analyzing a web server’s log, a systems administrator sees that users are connecting to the company’s application through HTTP instead of HTTPS. The administrator then configures a redirect from HTTP to HTTPS on the web server, and the application responds with a connection time-out message. Which of the following should the administrator verify NEXT?
A. The TLS certificate
B. The firewall rules
C. The concurrent connection limit
D. The folder permissions
Selected Answer: B
Question #: 76
Topic #: 1
A company needs to access the cloud administration console using its corporate identity. Which of the following actions would MOST likely meet the requirements?
A. Implement SSH key-based authentication.
B. Implement cloud authentication with local LDAP.
C. Implement multifactor authentication.
D. Implement client-based certificate authentication.
Selected Answer: B
Question #: 77
Topic #: 1
A cloud administrator is planning to migrate a globally accessed application to the cloud. Which of the following should the cloud administrator implement to BEST reduce latency for all users?
A. Regions
B. Auto-scaling
C. Clustering
D. Cloud bursting
Selected Answer: A
Question #: 78
Topic #: 1
A company needs a solution to find content in images. Which of the following technologies, when used in conjunction with cloud services, would facilitate the
BEST solution?
A. Internet of Things
B. Digital transformation
C. Artificial intelligence
D. DNS over TLS
Selected Answer: C
Question #: 79
Topic #: 1
An organization is developing a new solution for hosting an external website. The systems administrator needs the ability to manage the OS. Which of the following methods would be MOST suitable to achieve this objective?
A. Deploy web servers into an IaaS provider.
B. Implement a cloud-based VDI solution.
C. Provision web servers in a container environment.
D. Use PaaS components in the cloud to implement the product.
Selected Answer: A
Question #: 80
Topic #: 1
A systems administrator is provisioning VMs in a cloud environment and has been told to select an OS build with the furthest end-of-life date. Which of the following OS builds would be BEST for the systems administrator to use?
A. Open-source
B. LTS
C. Canary
D. Beta
E. Stable
Selected Answer: B
Question #: 81
Topic #: 1
A cloud administrator set up a link between the private and public cloud through a VPN tunnel. As part of the migration, a large set of files will be copied. Which of the following network ports are required from a security perspective?
A. 22, 53, 445
B. 22, 443, 445
C. 25, 123, 443
D. 137, 139, 445
Selected Answer: B
Question #: 82
Topic #: 1
A company is preparing a hypervisor environment to implement a database cluster. One of the requirements is to share the disks between the nodes of the cluster to access the same LUN. Which of the following protocols should the company use? (Choose two.)
A. CIFS
B. FTP
C. iSCSI
D. RAID 10
E. NFS
F. FC
Selected Answer: CF
Question #: 83
Topic #: 1
A cloud administrator is working in a secure government environment. The administrator needs to implement corrective action due to recently identified security issue on the OS of a VM that is running a facility-management application in a cloud environment. The administrator needs to consult the application vendor, so it might take some time to resolve the issue. Which of the following is the FIRST action the administrator should take while working on the resolution?
A. Shut down the server.
B. Upgrade the OS
C. Update the risk register.
D. Raise a problem ticket.
Selected Answer: D
Question #: 84
Topic #: 1
A DevOps administrator is designing a new machine-learning platform. The application needs to be portable between public and private clouds and should be kept as small as possible. Which of the following approaches would BEST meet these requirements?
A. Virtual machines
B. Software as a service
C. Serverless computing
D. Containers
Selected Answer: D
Question #: 85
Topic #: 1
A cloud administrator wants to have a central repository for all the logs in the company’s private cloud. Which of the following should be implemented to BEST meet this requirement?
A. SNMP
B. Log scrubbing
C. CMDB
D. A syslog server
Selected Answer: D
Question #: 86
Topic #: 1
A company needs to rehost its ERP system to complete a datacenter migration to the public cloud. The company has already migrated other systems and configured VPN connections. Which of the following MOST likely needs to be analyzed before rehosting the ERP?
A. Software
B. Licensing
C. Right-sizing
D. The network
Selected Answer: B
Question #: 87
Topic #: 1
An administrator is securing a private cloud environment and wants to ensure only approved systems can connect to switches. Which of the following would be
MOST useful to accomplish this task?
A. VLAN
B. NIPS
C. WAF
D. NAC
Selected Answer: D
Question #: 88
Topic #: 1
An organization is currently deploying a private cloud model. All devices should receive the time from the local environment with the least administrative effort.
Which of the following ports needs to be opened to fulfill this requirement?
A. 53
B. 67
C. 123
D. 161
Selected Answer: C
Question #: 89
Topic #: 1
A cloud security analyst needs to ensure the web servers in the public subnet allow only secure communications and must remediate any possible issue. The stateful configuration for the public web servers is as follows:
Which of the following actions should the analyst take to accomplish the objective?
A. Remove rules 1, 2, and 5.
B. Remove rules 1, 3, and 4.
C. Remove rules 2, 3, and 4.
D. Remove rules 3, 4, and 5.
Selected Answer: B
Question #: 90
Topic #: 1
Which of the following definitions of serverless computing BEST explains how it is different from using VMs?
A. Serverless computing is a cloud-hosting service that utilizes infrastructure that is fully managed by the CSP.
B. Serverless computing uses predictable billing and offers lower costs than VM compute services.
C. Serverless computing is a scalable, highly available cloud service that uses SDN technologies.
D. Serverless computing allows developers to focus on writing code and organizations to focus on business.
Selected Answer: D
Question #: 91
Topic #: 1
A system administrator has provisioned a new web server. Which of the following, in combination, form the best practice to secure the server’s OS? (Choose three.)
A. Install TLS certificates on the server.
B. Forward port 80 traffic to port 443.
C. Disable TLS 1.0/1.1 and SSL.
D. Disable password authentication.
E. Enable SSH key access only.
F. Provision the server in a separate VPC.
G. Disable the superuser/administrator account.
H. Restrict access on port 22 to the IP address of the administrator’s workstation.
Selected Answer: EGH
Question #: 92
Topic #: 1
A technician needs to deploy two virtual machines in preparation for the configuration of a financial application next week. Which of the following cloud deployment models should the technician use?
A. XaaS
B. IaaS
C. PaaS
D. SaaS
Selected Answer: B
Question #: 93
Topic #: 1
A system administrator supports an application in the cloud, which includes a restful API that receives an encrypted message that is passed to a calculator system. The administrator needs to ensure the proper function of the API using a new automation tool. Which of the following techniques would be BEST for the administrator to use to accomplish this requirement?
A. Functional testing
B. Performance testing
C. Integration testing
D. Unit testing
Selected Answer: A
Question #: 94
Topic #: 1
A cloud solutions architect needs to determine the best strategy to deploy an application environment in production, given the following requirements:
* No downtime
* Instant switch to a new version using traffic control for all users
Which of the following deployment strategies would be the BEST solution?
A. Hot site
B. Blue-green
C. Canary
D. Rolling
Selected Answer: B
Question #: 95
Topic #: 1
A cloud security analyst is implementing a vulnerability scan of the web server in the DMZ, which is running in an IaaS compute instance. The default inbound firewall settings are as follows:
Which of the following will provide the analyst with the MOST accurate report?
A. An agent-based scan
B. A network vulnerability scan
C. A default and common credentialed scan
D. A network credentialed vulnerability scan
Selected Answer: D
Question #: 96
Topic #: 1
A systems administrator needs to configure SSO authentication in a hybrid cloud environment. Which of the following is the BEST technique to use?
A. Access controls
B. Federation
C. Multifactor authentication
D. Certificate authentication
Selected Answer: B
Question #: 97
Topic #: 1
A systems administrator wants to verify the word “qwerty” has not been used as a password on any of the administrative web consoles in a network. Which of the following will achieve this goal?
A. A service availability scan
B. An agent-based vulnerability scan
C. A default and common credentialed scan
D. A network port scan
Selected Answer: C
Question #: 98
Topic #: 1
An administrator has been informed that some requests are taking a longer time to respond than other requests of the same type. The cloud consumer is using multiple network service providers and is performing link load balancing for bandwidth aggregation. Which of the following commands will help the administrator understand the possible latency issues?
A. ping
B. ipconfig
C. traceroute
D. netstat
Selected Answer: C
Question #: 99
Topic #: 1
A company has an in-house-developed application. The administrator wants to utilize cloud services for additional peak usage workloads. The application has a very unique stack of dependencies. Which of the following cloud service subscription types would BEST meet these requirements?
A. PaaS
B. SaaS
C. DBaaS
D. IaaS
Selected Answer: D
Question #: 100
Topic #: 1
A systems administrator notices that a piece of networking equipment is about to reach its end of support. Which of the following actions should the administrator recommend?
A. Update the firmware.
B. Migrate the equipment to the cloud.
C. Update the OS.
D. Replace the equipment.
Selected Answer: B
