CV0-003: CompTIA Cloud+ Topic 5
Question #: 201
Topic #: 1
A technician is trying to delete six decommissioned VMs. Four VMs were deleted without issue. However, two of the VMs cannot be deleted due to an error. Which of the following would MOST likely enable the technician to delete the VMs?
A. Remove the snapshots
B. Remove the VMs’ IP addresses
C. Remove the VMs from the resource group
D. Remove the lock from the two VMs
Selected Answer: D
Question #: 202
Topic #: 1
A cloud administrator is assigned to establish a connection between the on-premises data center and the new CSP infrastructure. The connection between the two locations must be secure at all times and provide service for all users inside the organization. Low latency is also required to improve performance during data transfer operations. Which of the following would BEST meet these requirements?
A. A VPC peering configuration
B. An IPSec tunnel
C. An MPLS connection
D. A point-to-site VPN
Selected Answer: B
Question #: 203
Topic #: 1
Users of a public website that is hosted on a cloud platform are receiving a message indicating the connection is not secure when landing on the website. The administrator has found that only a single protocol is opened to the service and accessed through the URL https://www.comptiasite.com. Which of the following would MOST likely resolve the issue?
A. Renewing the expired certificate
B. Updating the web-server software
C. Changing the crypto settings on the web server
D. Upgrading the users’ browser to the latest version
Selected Answer: A
Question #: 204
Topic #: 1
A company is considering consolidating a number of physical machines into a virtual infrastructure that will be located at its main office. The company has the following requirements
• High-performance VMs
• More secure
• Has system independence
Which of the following is the BEST platform for the company to use?
A. Type 1 hypervisor
B. Type 2 hypervisor
C. Software application virtualization
D. Remote dedicated hosting
Selected Answer: A
Question #: 205
Topic #: 1
A cloud architect is reviewing four deployment options for a new application that will be hosted by a public cloud provider. The application must meet an SLA that allows for no more than five hours of downtime annually. The cloud architect is reviewing the SLAs for the services each option will use:
Based on the information above, which of the following minimally complies with the SLA requirements?
A. Option A
B. Option B
C. Option C
D. Option D
Selected Answer: C
Question #: 206
Topic #: 1
A systems administrator is deploying a new cloud application and needs to provision cloud services with minimal effort. The administrator wants to reduce the tasks required for maintenance, such as OS patching, VM and volume provisioning, and autoscaling configurations. Which of the following would be the BEST option to deploy the new application?
A. A VM cluster
B. Containers
C. OS templates
D. Serverless
Selected Answer: D
Question #: 207
Topic #: 1
A company wants to move its environment from on premises to the cloud without vendor lock-in. Which of the following would BEST meet this requirement?
A. DBaaS
B. SaaS
C. IaaS
D. PaaS
Selected Answer: C
Question #: 208
Topic #: 1
A systems administrator is troubleshooting performance issues with a Windows VDI environment. Users have reported that VDI performance is very slow at the start of the workday, but the performance is fine during the rest of the day. Which of the following is the MOST likely cause of the issue? (Choose two.)
A. Disk I/O limits
B. Affinity rule
C. CPU oversubscription
D. RAM usage
E. Insufficient GPU resources
F. License issues
Selected Answer: AD
Question #: 211
Topic #: 1
A disaster situation has occurred, and the entire team needs to be informed about the situation. Which of the following documents will help the administrator find the details of the relevant team members for escalation?
A. Chain of custody
B. Root cause analysis
C. Playbook
D. Call tree
Selected Answer: D
Question #: 214
Topic #: 1
A systems administrator wants to restrict access to a set of sensitive files to a specific group of users. Which of the following will achieve the objective?
A. Add audit rules on the server
B. Configure data loss prevention in the environment
C. Change tine permissions and ownership of the files
D. Implement a HIPS solution on the host
Selected Answer: C
Question #: 215
Topic #: 1
A cloud administrator has created a new asynchronous workflow lo deploy VMs to the cloud in bulk. When the workflow is tested for a single VM, it completes successfully. However, if the workflow is used to create 50 VMs at once, the job fails. Which of the following is the MOST likely cause of the issue? (Choose two.)
A. Incorrect permissions
B. Insufficient storage
C. Billing issues with the cloud provider
D. No connectivity to the public cloud
E. Expired API token
F. Disabled autoscaling
Selected Answer: BF
Question #: 216
Topic #: 1
A systems administrator has verified that a physical switchport that is connected to a virtualization host is using all available bandwidth. Which of the following would BEST address this issue?
A. Port mirroring
B. Link aggregation
C. Spanning tree
D. Microsegmentation
Selected Answer: C
Question #: 217
Topic #: 1
A piece of software applies licensing fees on a socket-based model. Which of the following is the MOST important consideration when attempting to calculate the licensing costs for this software?
A. The amount of memory in the server
B. The number of CPUs in the server
C. The type of cloud in which the software is deployed
D. The number of customers who will be using the software
Selected Answer: B
Question #: 219
Topic #: 1
A cloud administrator is evaluating a solution that will limit access to authorized individuals. The solution also needs to ensure the system that connects to the environment meets patching, antivirus and configuration requirements. Which of the following technologies would BEST meet these requirements?
A. NAC
B. EDR
C. IDS
D. HIPS
Selected Answer: A
Question #: 220
Topic #: 1
A security team is conducting an audit of the security group configurations for the Linux servers that are hosted in a public IaaS The team identifies the following rule as a potential issue:
A cloud administrator, who is working remotely, logs in to the cloud management console and modifies the rule to set the source to “My IP.” Shortly after deploying the rule, an internal developer receives the following error message when attempting to log in to the server using SSH: Network error: Connection timed out. However, the administrator is able to connect successfully to the same server using SSH. Which of the following is the BEST option for both the developer and the administrator to access the server from their locations?
A. Modify the outbound rule to allow the company’s external IP address as a source
B. Add an inbound rule to use the IP address for the company’s main office as a source
C. Modify the inbound rule to allow the company’s external IP address as a source
D. Delete the inbound rule to allow the company’s external IP address as a source
Selected Answer: C
Question #: 221
Topic #: 1
A systems administrator needs to modify the replication factors of an automated application container from 3 to 5. Which of the following file types should the systems administrator modify on the master controller?
A. .yaml
B. .txt
C. .conf
D. .etcd
Selected Answer: A
Question #: 222
Topic #: 1
An organization is conducting a performance test of a public application. The following actions have already been completed:
• The baseline performance has been established
• A load test has passed.
• A benchmark report has been generated
Which of the following needs to be done to conclude the performance test?
A. Verify the application works well under an unexpected volume of requests.
B. Assess the application against vulnerabilities and/or misconfiguration exploitation.
C. Test how well the application can resist a DDoS attack.
D. Conduct a test with the end users and collect feedback.
Selected Answer: A
Question #: 223
Topic #: 1
Audit and system logs are being forwarded to a syslog solution. An administrator observes that two application servers have not generated any logs for a period of three days, while others continue to send logs normally. Which of the following BEST explains what is occurring?
A. There is a configuration failure in the syslog solution
B. The application servers were migrated to the cloud as IaaS instances
C. The application administrators have not performed any activity in those servers
D. There is a local firewall policy restriction on the syslog server
Selected Answer: A
Question #: 224
Topic #: 1
A cloud administrator needs to control the connections between a group of web servers and database servers as part of the financial application security review. Which of the following would be the BEST way to achieve this objective?
A. Create a directory security group
B. Create a resource group
C. Create separate VLANs
D. Create a network security group
Selected Answer: B
Question #: 225
Topic #: 1
A large pharmaceutical company needs to ensure it is in compliance with the following requirements:
• An application must run on its own virtual machine.
• The hardware the application is hosted on does not change.
Which of the following will BEST ensure compliance?
A. Containers
B. A firewall
C. Affinity rules
D. Load balancers
Selected Answer: C
Question #: 226
Topic #: 1
A company wants to utilize its private cloud for a new application. The private cloud resources can meet 75% of the application’s resource requirements. Which of the following scaling techniques can the cloud administrator implement to accommodate 100% of the application’s requirements?
A. Horizontal
B. Vertical
C. Cloud bursting
D. Autoscaling
Selected Answer: B
Question #: 227
Topic #: 1
A systems administrator is configuring a storage system for maximum performance and redundancy. Which of the following storage technologies should the administrator use to achieve this?
A. RAID 5
B. RAID 6
C. RAID 10
D. RAID 50
Selected Answer: C
Question #: 228
Topic #: 1
A company is performing a DR drill and is looking to validate its documentation. Which of the following metrics will determine the service recovery duration?
A. MTTF
B. SLA
C. RTO
D. RPO
Selected Answer: C
Question #: 229
Topic #: 1
A company is migrating workloads from on premises to the cloud and would like to establish a connection between the entire data center and the cloud environment. Which of the following VPN configurations would accomplish this task?
A. Site-to-site
B. Client-to-site
C. Point-to-site
D. Point-to-point
Selected Answer: A
Question #: 230
Topic #: 1
A product-based company wants to transition to a method that provides the capability to enhance the product seamlessly and keep the development iterations to a shorter time frame. Which of the following would BEST meet these requirements?
A. Implement a secret management solution
B. Create autoscaling capabilities
C. Develop CI/CD tools
D. Deploy a CMDB tool
Selected Answer: C
Question #: 231
Topic #: 1
A company is using an IaaS environment. Which of the following licensing models would BEST suit the organization from a financial perspective to implement scaling?
A. Subscription
B. Volume-based
C. Per user
D. Socket-based
Selected Answer: B
Question #: 233
Topic #: 1
A cloud administrator has deployed a website and needs to improve the site security to meet requirements. The website architecture is designed to have a DBaaS in the back end and autoscaling instances in the front end using a load balancer to distribute the request. Which of the following will the cloud administrator MOST likely use?
A. An API gateway
B. An IPS/IDS
C. A reverse proxy
D. A WAF
Selected Answer: D
Question #: 234
Topic #: 1
An administrator manages a file server that has a lot of users accessing and creating many files. As a result, the storage consumption is growing quickly. Which of the following would BEST control storage usage?
A. Compression
B. File permissions
C. User quotas
D. Access policies
Selected Answer: C
Question #: 235
Topic #: 1
A systems administrator is writing a script for provisioning nodes in the environment. Which of the following would be BEST for the administrator to use to provision the authentication credentials to the script?
A. password=’curl https://10.2.3.4/api/sytemops?op=provision’
B. password=$env_password
C. password=$(cat /opt/app/credentials)
D. password=”MyS3cretP4sswordIsVeryL0ng”
Selected Answer: B
Question #: 236
Topic #: 1
A cloud administrator is configuring several security appliances hosted in the private IaaS environment to forward the logs to a central log aggregation solution using syslog. Which of the following firewall rules should the administrator add to allow the web servers to connect to the central log collector?
A. Allow UDP 161 outbound from the web servers to the log collector
B. Allow TCP 514 outbound from the web servers to the log collector
C. Allow UDP 161 inbound from the log collector to the web servers
D. Allow TCP 514 inbound from the log collector to the web servers
Selected Answer: B
Question #: 237
Topic #: 1
A company has two identical environments (X and Y) running its core business application. As part of an upgrade, the X environment is patched/upgraded and tested while the Y environment is still serving the consumer workloads. Upon successful testing of the X environment, all workload is sent to this environment, and the Y environment is then upgraded before both environments start to manage the workloads. Which of the following upgrade methods is being used?
A. Active-passive
B. Canary
C. Development/production
D. Blue-green
Selected Answer: D
Question #: 238
Topic #: 1
A systems administrator received an email from a cloud provider stating that storage is 80% full on the volume that stores VDI desktops. Which of the following is the MOST efficient way to mitigate the situation?
A. Deduplication
B. Compression
C. Replication
D. Storage migration
Selected Answer: A
Question #: 239
Topic #: 1
During a security incident, an IaaS compute instance is detected to send traffic to a host related to cryptocurrency mining. The security analyst handling the incident determines the scope of the incident is limited to that particular instance. Which of the following should the security analyst do NEXT?
A. Isolate the instance from the network into quarantine
B. Perform a memory acquisition in the affected instance
C. Create a snapshot of the volumes attached to the instance
D. Replace the instance with another from the baseline
Selected Answer: A
Question #: 242
Topic #: 1
A systems administrator is responding to an outage in a cloud environment that was caused by a network-based flooding attack. Which of the following should the administrator configure to mitigate the attack?
A. NIPS
B. Network overlay using GENEVE
C. DDoS protection
D. DoH
Selected Answer: C
Question #: 243
Topic #: 1
A cloud administrator is troubleshooting a highly available web application running within three containers behind a Layer 7 load balancer with a WAF inspecting all traffic. The application frequently asks the users to log in again even when the session timeout has not been reached. Which of the following should the cloud administrator configure to solve this issue?
A. Firewall outbound rules
B. Firewall inbound rules
C. Load balancer certificates
D. Load balancer stickiness
E. WAF transaction throttling
Selected Answer: D
Question #: 244
Topic #: 1
A cloud solutions architect has received guidance to migrate an application from on premises to a public cloud. Which of the following requirements will help predict the operational expenditures in the cloud?
A. Average resource consumption
B. Maximum resource consumption
C. Minimum resource consumption
D. Actual hardware configuration
Selected Answer: A
Question #: 245
Topic #: 1
A systems administrator is working on the backup schedule for a critical business application that is running in a private cloud. Which of the following would help the administrator schedule the frequency of the backup job?
A. RPO
B. MTTR
C. SLA
D. RTO
Selected Answer: A
Question #: 246
Topic #: 1
A systems administrator is helping to develop a disaster recovery solution. The solution must ensure all production capabilities are available within two hours. Which of the following will BEST meet this requirement?
A. A hot site
B. A warm site
C. A backup site
D. A cold site
Selected Answer: A
Question #: 248
Topic #: 1
A cloud administrator needs to coordinate and automate the management of a company’s secrets and keys for all its cloud services with minimal effort and low cost. Which of the following is the BEST option to achieve the goal?
A. Implement database as a service
B. Configure Key Vault
C. Use password as a service
D. Implement KeePass
Selected Answer: B
