A cloud architect is preparing environments to develop a new application that will process sensitive data. The project team consists of one internal developer, two external consultants, and three testers. Which of the following is the most important security control for the cloud architect to consider implementing?
Answer : D
In a project handling sensitive data with a mix of internal and external team members, implementing Identity and Access Management (IAM) and Access Control Lists (ACL) is crucial for Data Loss Prevention (DLP). These controls ensure that only authorized individuals have access to specific resources, and actions are governed according to the principle of least privilege, minimizing the risk of data leakage or unauthorized access.
A cloud engineer wants to run a script that increases the volume storage size if it is below 100GB. Which of the following should the engineer run?
Answer : A
The correct script is Option A, which uses a conditional test to check if the volume size is less than 100GB. If it is, then it performs a resize operation; otherwise, it outputs a message indicating the volume is already the desired size. Reference: CompTIA Cloud+ Study Guide (Exam CV0-004) - Chapter on Automation
A company uses containers stored in Docker Hub to deploy workloads for its IaaS infrastructure. The development team releases changes to the containers several times per hour. Which of the following should a cloud engineer do to prevent the proprietary code from being exposed to third parties?
Answer : D
To prevent proprietary code from being exposed to third parties, a cloud engineer should use private repositories for the containers. Private repositories ensure that access to container images is restricted and controlled, unlike public repositories where images are accessible to anyone. Reference: The concept of using private repositories for protecting proprietary code is part of cloud security best practices, which is covered under the Governance, Risk, Compliance, and Security domain of the CompTIA Cloud+ certification.
A company is developing a new web application that requires a relational database management system with minimal operational overhead. Which of the following should the company choose?
Answer : B
For a new web application that requires a relational database management system with minimal operational overhead, the company should choose a managed SQL database on the cloud. Managed databases provide automated backups, patching, and other management tasks, reducing the administrative burden. Reference: The use of managed services, like managed databases, to minimize operational overhead is a strategic decision in cloud computing covered in CompTIA Cloud+.
Which of the following vulnerability management concepts is best defined as the process of discovering vulnerabilities?
Answer : D
In vulnerability management, 'Identification' is the concept best defined as the process of discovering vulnerabilities. This step is crucial as it involves detecting vulnerabilities in systems, software, and networks, which is the first step in the vulnerability management process before moving on to assessment, remediation, and reporting.
The company's IDS has reported an anomaly. The cloud engineer remotely accesses the cloud instance, runs a command, and receives the following information:
Which of the following is the most likely root cause of this anomaly?
Answer : A
The output from the 'ps' command indicates there is a process running under the UID (User ID) of 0, which is the root user, and the command that was run is '/var/www/command.py'. Given that the normal Apache processes are running under their own UID (65535), this suggests that a command was executed with root privileges that typically should not have such high-level access. This is a strong indicator of privilege escalation, where an unauthorized user or process gains elevated access to resources that are normally protected from an application or user. Reference: CompTIA Cloud+ Certification Study Guide (Exam CV0-004) by Scott Wilson and Eric Vanderburg
A cloud solutions architect is designing a VM-based solution that requires reducing the cost as much as possible. Which of the following solutions will best satisfy this requirement?
Answer : B
Using Spot VMs is a cost-effective solution as these are available at significantly reduced prices compared to standard instances. Spot VMs are ideal for workloads that can tolerate interruptions and are a way to take advantage of unused cloud capacity. Reference: The concept of Spot VMs and their cost benefits is included in the financial aspects of managing cloud resources, as per the CompTIA Cloud+ certification guidelines.