CompTIA CV0-003 CompTIA Cloud+ Certification Exam Practice Test

Page: 1 / 14
Total 453 questions
Question 1

During a security incident, an IaaS compute instance is detected to send traffic to a host related to cryptocurrency mining. The security analyst handling the incident determines the scope of the incident is limited to that particular instance. Which of the following should the security analyst do NEXT?



Answer : A

The first step in incident response is to contain the incident activities and attackers, which means preventing them from spreading to other systems or causing more damage. In this case, the security analyst should isolate the instance from the network into quarantine, which means cutting off its communication with other hosts and services. This will stop the cryptocurrency mining activity and prevent the attacker from accessing the instance remotely. Isolating the instance also preserves the evidence for further analysis and investigation.


Question 2

A systems administrator is reviewing the application development process with the development team and notices that the team has no way to collaboratively develop code. Which of the following methods should be implemented to resolve this issue?



Answer : B

Detailed

B. Version control: Version control systems like Git enable collaborative development, allowing team members to track changes, merge contributions, and resolve conflicts efficiently.


CompTIA Cloud+ CV0-003 Study Guide Chapter 4: Solution Design in Support of Business Requirements.

Question 3

The Chief Information Officer of a financial services company wants to ensure stringent security measures are maintained while migrating customer financial information from a private cloud to the public cloud. The cloud engineer must deploy automated validation and verification checks to prevent unauthorized disclosure of financial information. Which of the following should be configured during the migration?



Answer : B

One possible answer is:

B. VPN

A VPN (Virtual Private Network) is a technology that creates a secure and encrypted connection between a remote device and a private network over the internet. A VPN can help prevent unauthorized disclosure of financial information during the migration from a private cloud to the public cloud, as it can protect the data in transit from interception, tampering, or leakage. A VPN can also help maintain compliance with data privacy regulations, such as GDPR or PCI DSS, by ensuring that the data is only accessible by authorized parties.

ACL (Access Control List) is a method of controlling access to resources based on user or group permissions. ACL can help enforce security policies and restrict access to sensitive data, but it does not encrypt or protect the data in transit.

P2V (Physical to Virtual) is a process of converting a physical machine into a virtual machine. P2V can help migrate workloads from on-premises servers to cloud servers, but it does not ensure the security of the data during the migration.

VDI (Virtual Desktop Infrastructure) is a technology that provides users with virtual desktops hosted on a centralized server. VDI can help improve the performance, availability, and manageability of desktop environments, but it does not address the security of the data during the migration.


Question 4

A systems administrator is deploying a solution that requires a virtual network in a private cloud environment. The solution design requires the virtual network to transport multiple payload types.

Which of the following network virtualization options would BEST satisfy the requirement?



Answer : D

Generic Network Virtualization Encapsulation (GENEVE) is a type of network virtualization technology that creates logical networks or segments that span across multiple physical networks or locations. GENEVE can satisfy the requirement of transporting multiple payload types in a virtual network in a private cloud environment, as it can support various network protocols and services by using a flexible and extensible header format that can encapsulate different types of payloads within UDP packets. GENEVE can also provide interoperability and compatibility, as it can integrate with existing network virtualization technologies such as VXLAN, STT, or NVGRE. Reference: CompTIA Cloud+ Certification Exam Objectives, page 15, section 2.8


Question 5

An administrator is securing a private cloud environment and wants to ensure only approved systems can connect to switches. Which of the following would be MOST useful to accomplish this task?



Answer : D


NAC (Network Access Control) is what the administrator should implement to ensure only approved systems can connect to switches in a private cloud environment. NAC is a security technique that controls and restricts access to network resources based on predefined policies or rules. NAC can verify and authenticate users or devices before granting them access to switches or other network devices. NAC can also enforce compliance and security standards on users or devices before allowing them to connect to switches.

Question 6

A cloud administrator received a request to provision a set of cloud resources in an effort to switch to infrastructure as code to automate and optimize operations. The administrator decides to try to run some tests with the following definition:

Which of the following is the most likely cause of the issue?



Answer : C

The error message indicates that the cloud provider is unable to find the public key file that is specified in the definition. The definition uses an environment variable called PUBLIC_KEY_PATH to refer to the location of the public key file. However, if this environment variable has not been set or exported in the shell, the cloud provider will not be able to resolve it and will fail to provision the resources. To fix this issue, the cloud administrator should set and export the environment variable for the public key path before running the definition. Reference: [CompTIA Cloud+ CV0-003 Certification Study Guide], Chapter 8, Objective 8.1: Given a scenario, implement cloud automation and orchestration.


Question 7

A cloud administrator is managing an organization's infrastructure in a public cloud. All servers are currently located in a single virtual network with a single firewall that all traffic must pass through. Per security requirements, production, QA, and development servers should not be able to communicate directly with each other. Which of the following should an administrator perform to comply with the security requirement?



Answer : A

These are the actions that the administrator should perform to comply with the security requirement of isolating production, QA, and development servers from each other in a public cloud environment:

Create separate virtual networks for production, QA, and development servers: A virtual network is a logical isolation of network resources or systems within a cloud environment. Creating separate virtual networks for different types of servers can help to segregate them from each other and prevent direct communication or interference.

Move the servers to the appropriate virtual network: Moving the servers to the appropriate virtual network can help to assign them to their respective roles and functions, as well as ensure that they follow the network policies and rules of their virtual network.

Apply a network security group to each virtual network that denies all traffic except for the firewall: A network security group is a set of rules or policies that control and filter inbound and outbound network traffic for a virtual network or system. Applying a network security group to each virtual network that denies all traffic except for the firewall can help to enforce security and compliance by blocking any unauthorized or unwanted traffic between different types of servers, while allowing only necessary traffic through the firewall.

