CompTIA Cloud+ Certification CV0-003 Exam Practice Test

Page: 1 / 14
Total 453 questions
Question 1

A cloud engineer is deploying a server in a cloud platform. The engineer reviews a security scan report. Which of the following recommended services should be disabled? (Select TWO).



Answer : A, B

Telnet and FTP are two services that should be disabled on a cloud server because they are insecure and vulnerable to attacks. Telnet and FTP use plain text to transmit data over the network, which means that anyone who can intercept the traffic can read or modify the data, including usernames, passwords, commands, files, etc.This can lead to data breaches, unauthorized access, or malicious actions on the server1.

Instead of Telnet and FTP, more secure alternatives should be used, such as SSH (Secure Shell) and SFTP (Secure File Transfer Protocol). SSH and SFTP use encryption to protect the data in transit and provide authentication and integrity checks for the communication.SSH and SFTP can prevent eavesdropping, tampering, or spoofing of the data and ensure the confidentiality and privacy of the server2.

The other options are not services that should be disabled on a cloud server:

Option C: Remote login. Remote login is a service that allows users to access a remote server from another location using a network connection. Remote login can be useful for managing, configuring, or troubleshooting a cloud server without having to physically access it.Remote login can be secured by using encryption, authentication, authorization, and logging mechanisms3.

Option D: DNS (Domain Name System). DNS is a service that translates human-friendly domain names into IP addresses that can be used to communicate over the Internet. DNS is essential for resolving the names of the cloud resources and services that are hosted on the cloud platform. DNS can be secured by using DNSSEC (DNS Security Extensions), which add digital signatures to DNS records to verify their authenticity and integrity.

Option E: DHCP (Dynamic Host Configuration Protocol). DHCP is a service that assigns IP addresses and other network configuration parameters to devices on a network. DHCP can simplify the management of IP addresses and avoid conflicts or errors in the network. DHCP can be secured by using DHCP snooping, which filters out unauthorized DHCP messages and prevents rogue DHCP servers from assigning IP addresses.

Option F: LDAP (Lightweight Directory Access Protocol). LDAP is a service that stores and organizes information about users, devices, and resources on a network. LDAP can provide identity management and access control for the cloud environment. LDAP can be secured by using LDAPS (LDAP over SSL/TLS), which encrypts the LDAP traffic and provides authentication and integrity checks.


Question 2

After initial stress testing showed that a platform performed well with the specification of a single 32 vCPU node, which of the following will provide the desired service with the LOWEST cost and downtime?



Answer : C

The best option to provide the desired service with the lowest cost and downtime after initial stress testing showed that a platform performed well with the specification of a single 32 vCPU node is to use three to six 8 vCPU nodes autoscaling group. An autoscaling group is a feature that allows dynamically adjusting the number of instances or nodes in a cluster based on the demand or load. This option will provide high availability, scalability, and performance for the service, while also optimizing the cost and resource utilization by adding or removing nodes as needed. Reference: [CompTIA Cloud+ Certification Exam Objectives], Domain 3.0 Maintenance, Objective 3.4 Given a scenario, implement automation and orchestration to optimize cloud operations.


Question 3

A cloud administrator needs to coordinate and automate the management of a company's secrets and keys for all its cloud services with minimal effort and low cost. Which of the following is the BEST option to achieve the goal?



Answer : B


Key Vault is a service that allows you to store and manage secrets and keys for your cloud services in a secure and centralized way. It also provides access control, auditing, and encryption features. This would be the best option to automate the management of secrets and keys for all cloud services with minimal effort and low cost. Reference:CompTIA Cloud+ Certification Exam Objectives, Domain 3.0 Maintenance, Objective 3.4 Given a scenario, implement automation and orchestration to optimize cloud operations.

Question 4

A cloud engineer has container images stored on a local filesystem. The developers would like to make the images available for mass deployment in a secure manner. Which of the following technologies best meets the requirements?



Answer : C

1. Understanding the Requirement:

The goal is to make container images available for mass deployment securely.

The solution should support containerized environments like Kubernetes or Docker.

2. Analyzing the Options:

A . Encrypted block storage:

Incorrect. Block storage is suitable for raw data or volumes but does not provide the functionalities needed for managing or deploying container images.

B . CIFS share:

Incorrect. CIFS is used for file sharing across networks but lacks security and deployment features specific to container images.

C . Private registry:

Correct. A private registry, such as Docker Hub or Harbor, securely stores and distributes container images for mass deployment.

D . Source control management:

Incorrect. Tools like Git manage source code, not container images.

3. Why Private Registry is Ideal:

Allows secure access control for container images.

Integrates seamlessly with deployment tools and orchestration platforms like Kubernetes.

4. Reference:

CompTIA Cloud+ Objectives:

Section 3.1 - Provision storage in cloud environments, emphasizing secure image management.

CompTIA Study Guide: Discusses private registries for containerized environments.


Question 5

A systems administrator is provisioning VMs in a cloud environment and has been told to select an OS build with the furthest end-of-life date.

Which of the following OS builds would be BEST for the systems administrator to use?



Answer : B

Long-term support (LTS) is a type of release cycle that provides extended support and maintenance for software products or operating systems. LTS releases typically have longer end-of-life dates than regular releases, as they receive security updates, bug fixes, and patches for several years after their initial release date. LTS releases can also offer higher stability, reliability, and compatibility than regular releases, as they undergo more testing and quality assurance processes before being released. LTS is the best OS build for a systems administrator to use when provisioning VMs in a cloud environment and being told to select an OS build with the furthest end-of-life date. Reference:CompTIA Cloud+ Certification Exam Objectives, page 11, section 1.6


Question 6

Audit and system logs are being forwarded to a syslog solution. An administrator observes that two application servers have not generated any logs for a period of three days, while others continue to send logs normally. Which of the following BEST explains what is occurring?



Answer : B

One possible explanation for why two application servers have not generated any logs for a period of three days, while others continue to send logs normally, is that the application servers were migrated to the cloud as laaS (Infrastructure as a Service) instances. laaS is a cloud service model that provides virtualized computing resources over the internet, such as servers, storage, network, and operating systems. When an application server is migrated to the cloud as an laaS instance, it may require some configuration changes to enable the syslog forwarding to the same destination as before. For example, the laaS instance may have a different IP address, hostname, firewall rules, or network settings than the original server. If these changes are not properly made, the laaS instance may not be able to communicate with the syslog solution and send logs as expected.


Question 7

A company has two primary offices, one in the United States and one in Europe. The company uses a public laaS service that has a global data center presence to host its marketing materials. The marketing team, which is primarily based in Europe, has reported latency issues when retrieving these materials. Which of the following is the BEST option to reduce the latency issues?



Answer : B

The best option to reduce the latency issues for the marketing team that is primarily based in Europe when retrieving the marketing materials that are hosted on a public IaaS service is to integrate a CDN (content delivery network) solution to distribute web content globally. A CDN is a network of geographically distributed servers that cache and deliver web content to users based on their proximity and network conditions. A CDN can improve the performance and availability of web content by reducing the distance and hops between the users and the servers, as well as offloading the traffic from the origin server. Reference: [CompTIA Cloud+ Certification Exam Objectives], Domain 3.0 Maintenance, Objective 3.4 Given a scenario, implement automation and orchestration to optimize cloud operations


Page:    1 / 14   
Total 453 questions