CompTIA

CV0-004 Exam
CompTIA Cloud+

Questions & Answers

(Demo Version - Limited Content)

Thank you for Downloading CV0-004 exam PDF Demo

Get Full File:

https://www.certsland.com/cv0-004-dumps/

www.certsland.com
Questions & Answers PDF Page 2

Version:5.1

Question: 1

An engineer made a change to an application and needs to select a deployment strategy that meets
the following requirements:
• Is simple and fast
• Can be performed on two Identical platforms
Which of the following strategies should the engineer use?

A. Blue-green
B. Canary
C. Rolling
D. in-place

Answer: A
Explanation:

The blue-green deployment strategy is ideal for scenarios where simplicity and speed are crucial. It
involves two identical production environments: one (blue) hosts the current application version,
while the other (green) is used to deploy the new version. Once testing is completed on the green
environment and it's ready to go live, traffic is switched from blue to green, ensuring a quick and
efficient rollout with minimal downtime. This method allows for immediate rollback if issues arise,
by simply redirecting the traffic back to the blue environment.
Reference: CompTIA Cloud+ material emphasizes the importance of understanding various cloud
deployment strategies, including blue-green, and their application in real-world scenarios to ensure
efficient and reliable software deployment in cloud environments.

Question: 2

The change control board received a request to approve a configuration change 10 deploy in the
cloud production environment. Which of the following should have already been competed?

A. Penetration test
B. End-to-end security testing
C. Cost benefit analysis
D. User acceptance testing

Answer: D

www.certsland.com
Questions & Answers PDF Page 3

Explanation:

Before a configuration change is deployed in the cloud production environment, it is crucial to

conduct User Acceptance Testing (UAT). UAT involves testing the system by the end-users or clients to
ensure it can handle required tasks in real-world scenarios, according to specifications. This testing is
the final stage before the change is approved for production, ensuring that all functionalities meet
user requirements and the system is ready for deployment.
Reference: The CompTIA Cloud+ certification highlights the significance of various testing phases,
including UAT, as part of the cloud deployment process to validate the system's readiness and
functionality for end-users.

Question: 3

A customer is migrating applications to the cloud and wants to grant authorization based on the
classification levels of each system. Which of the following should the customer implement to ensure
authorisation to systems is granted when the user and system classification properties match?
(Select two).

A. Resource tagging
B. Discretionary access control
C. Multifactor authentication
D. Role-based access control
E. Token-based authentication
F. Bastion host

Answer: B, D
Explanation:

Discretionary Access Control (DAC) and Role-Based Access Control (RBAC) are effective methods for
granting authorization based on system classification levels. DAC allows resource owners to grant
access rights, making it flexible for environments with varying classification levels. RBAC assigns
permissions based on roles within an organization, aligning access rights with the user's job functions
and ensuring that users access only what is necessary for their role, which can be mapped to system
classifications.
Reference: CompTIA Cloud+ content covers various access control models, emphasizing the
importance of implementing appropriate security measures that align with organizational policies
and classification levels to ensure secure and authorized access to cloud systems.

Question: 4

A system surpasses 75% to 80% of resource consumption. Which of the following scaling approaches
is the most appropriate?

A. Trending
B. Manual

www.certsland.com
Questions & Answers PDF Page 4

C. Load
D. Scheduled

Answer: C
Explanation:

Load scaling is the most appropriate approach when a system surpasses 75% to 80% of resource
consumption. This method involves adjusting resources dynamically in response to the current load,
ensuring the system can handle increased demand without performance degradation. Load scaling
can be automatic, allowing systems to scale up or down based on predefined metrics like CPU usage,
memory, or network traffic, providing an efficient way to manage resources and maintain optimal
performance.
Reference: The CompTIA Cloud+ exam objectives include understanding cloud management and
technical operations, which encompass knowledge of various scaling approaches, including load
scaling, to ensure efficient resource utilization in cloud environments.

Question: 5

A network administrator is budding a site-to-site VPN tunnel from the company's headquarters office
10 the company's public cloud development network. The network administrator confirms the
following:
The VPN tunnel is established on the headquarter office firewall.
While inside the office, developers report that they cannot connect to the development network
resources.
While outside the office on a client VPN, developers report that they can connect to the
development network resources.
The office and the client VPN have different IP subnet ranges.
The firewall flow logs show VPN traffic is reaching the development network from the office.
Which of the following is the next step the next network administrator should take to troubleshoot
the VPN tunnel?

A. Review the development network routing table.

B. Change the ciphers on the site-to-site VPN.
C. Restart the site-to-site VPN tunnel.
D. Check the ACLS on the development workloads

Answer: A
Explanation:

The next step in troubleshooting the VPN tunnel issue is to review the development network routing
table. This action will help determine if the routing configurations are correctly directing traffic from
the headquarters office through the VPN tunnel to the development network resources. Proper
routing ensures that data packets find their way to the correct destination within the cloud
environment, which is critical for establishing successful communication between different network
segments.
Reference: CompTIA Cloud+ materials stress the importance of networking fundamentals in cloud

www.certsland.com
Questions & Answers PDF Page 5

environments, including VPN configurations and routing, to ensure secure and efficient connectivity
between on-premises infrastructure and cloud resources.

Question: 6

A company's man web application is no longer accessible via the internet. The cloud administrator
investigates and discovers the application is accessible locally and only via an IP access. Which of the
following was misconfigured?

A. IP
B. DHCP
C. NAT
D. DNS

Answer: D
Explanation:

When a web application is accessible locally via an IP address but not via the internet, the issue likely
lies with the Domain Name System (DNS). DNS is responsible for translating domain names into IP
addresses. A misconfiguration in DNS records or failure in DNS resolution can prevent users from
accessing the application through its domain name, even though the application itself is running and
accessible via its direct IP address.
Reference: In the CompTIA Cloud+ curriculum, understanding cloud concepts and networking
fundamentals, including DNS, is crucial for troubleshooting and ensuring applications are accessible
and perform optimally in cloud environments.

Question: 7

A cloud engineer is provisioning a new application that requires access to the organization's public
cloud resources. Which of the following is the best way for the cloud engineer to authenticate the
application?

A. Access key
B. API
C. MFA token
D. Username and Password

Answer: A
Explanation:

The best way to authenticate an application requiring access to an organization's public cloud
resources is through the use of an access key. Access keys provide a secure means of authentication
for applications and services without the need for interactive login credentials. This method is
particularly useful for automated processes or applications that need to interact with cloud services
programmatically, ensuring secure and efficient access control.

www.certsland.com
Questions & Answers PDF Page 6

Reference: CompTIA Cloud+ content emphasizes the importance of secure authentication

mechanisms, such as access keys, in managing and securing access to cloud resources, aligning with
best practices for cloud security and application deployment.

Question: 8

A security engineer Identifies a vulnerability m a containerized application. The vulnerability can be

exploited by a privileged process to read tie content of the host's memory. The security engineer
reviews the following Dockerfile to determine a solution to mitigate similar exploits:

Which of the following is the best solution to prevent similar exploits by privileged processes?

A. Adding the USER myappuserinstruction

B. Patching the host running the Docker daemon
C. Changing FROM alpiner3.17 to FROM alpine:latest
D. Running the container with the ready-only filesystem configuration

Answer: A
Explanation:

Adding the "USER myappuser" instruction to the Dockerfile is the best solution to prevent similar
exploits by privileged processes. This instruction ensures that the container runs as a non-privileged
user instead of the root user, significantly reducing the risk of privileged exploits. Running containers
with least privilege principles minimizes the potential impact of vulnerabilities, enhancing the overall
security posture of the containerized environment.
Reference: The CompTIA Cloud+ framework includes security concerns, measures, and concepts for
cloud operations, highlighting the importance of container security practices, such as running
containers as non-root users to prevent unauthorized access and exploitation.

Question: 9

A cross-site request forgery vulnerability exploited a web application that was hosted in a public laaS
network. A security engineer determined that deploying a WAF in blocking mode at a CDN would
prevent the application from being exploited again. However, a week after implementing the WAF,
the application was exploited again. Which of the following should the security engineer do to make
the WAF control effective?

A. Configure the DDoS protection on the CDN.

B. Install endpoint protection software on the VMs
C. Add an ACL to the VM subnet.
D. Deploy an IDS on the laaS network.

Answer: C

www.certsland.com
Questions & Answers PDF Page 7

Explanation:

After a WAF deployment fails to prevent an exploit, adding an Access Control List (ACL) to the Virtual
Machine (VM) subnet can be an effective control. ACLs provide an additional layer of security by
explicitly defining which traffic can or cannot enter a network segment. By setting granular rules
based on IP addresses, protocols, and ports, ACLs help to restrict access to resources, thereby
mitigating potential exploits and enhancing the security of the IaaS network.
Reference: CompTIA Cloud+ materials cover governance, risk, compliance, and security for the cloud,
including the implementation of network security controls like ACLs, to protect cloud environments
from unauthorized access and potential security threats.

Question: 10

A cloud engineer wants containers to run the latest version of a container base image to reduce the
number of vulnerabilities. The applications in use requite Python 3.10 and ate not compatible with
any other version. The containers' images are created every time a new version is released from the
source image. Given the container Dockerfile below:

Which of the following actions will achieve the objectives with the least effort?

A. Perform docker pull before executing docker run.

B. Execute docker update using a local cron to get the latest container version.
C. Change the image to use python:latest on the image build process.
D. Update the Dockerfile to pin the source image version.

Answer: A
Explanation:

Performing a "docker pull" before executing "docker run" ensures that the latest version of the
container base image is used, aligning with the objective of reducing vulnerabilities. This command
fetches the latest image version from the repository, ensuring that the container runs the most up-
to-date and secure version of the base image. This approach is efficient and requires minimal effort,
as it automates the process of maintaining the latest image versions for container deployments.
Reference: Within the CompTIA Cloud+ examination scope, understanding management and
technical operations in cloud environments, including container management and security, is critical.
This includes best practices for maintaining up-to-date container images to minimize vulnerabilities.

Question: 11

An engineer wants lo scale several cloud workloads on demand. Which of the following approaches
is the most suitable?

www.certsland.com
Questions & Answers PDF Page 8

A. Load
B. Scheduled
C. Manual
D. Trending

Answer: A
Explanation:

Load scaling is the most suitable approach for scaling several cloud workloads on demand. It
automatically adjusts the number of active servers in a cloud environment based on the current load
or traffic, ensuring that resources are efficiently utilized to meet demand without manual
intervention. This approach helps maintain optimal performance and availability, particularly during
unexpected surges in workload or traffic.
Reference: Understanding cloud management and technical operations, including scaling strategies,
is crucial for optimizing resource utilization and performance in cloud environments, as outlined in
the CompTIA Cloud+ objectives.

Question: 12

A software engineer is integrating an application lo The cloud that is web socket based. Which of the
following applications is the engineer most likely deploying?

A. Image-sharing
B. Data visualization
C. Chat
D. File transfer

Answer: C
Explanation:

A chat application is most likely to be deployed when integrating a web socket-based application to
the cloud. Web sockets provide full-duplex communication channels over a single, long-lived
connection, which is ideal for real-time applications like chat services that require persistent
connections between the client and server for instant data exchange.
Reference: CompTIA Cloud+ materials cover cloud networking concepts, emphasizing the
importance of choosing the right technologies, like web sockets, for specific application
requirements to ensure efficient and responsive cloud-based services.

Question: 13

A manager wants information about which users signed in to a certain VM during the past month.
Which of the following can the cloud administrator use to obtain this information?

A. Retention
B. Alerting
C. Aggregation

www.certsland.com
Questions & Answers PDF Page 9

D. Collection

Answer: D
Explanation:

To obtain information about which users signed in to a certain VM during the past month, a cloud
administrator can use log collection. Log collection involves gathering and storing logs from various
sources, including VMs, to provide historical data on system access and activity, which can then be
analyzed to identify user login instances.
Reference: The CompTIA Cloud+ certification emphasizes the importance of monitoring and visibility
in cloud environments, which includes log collection and analysis as key components of operational
management and security monitoring.

Question: 14

A cloud engineer is reviewing the following Dockerfile to deploy a Python web application:

Which of the following changes should the engineer make lo the file to improve container security?

A. Add the instruction "JSER nonroot.

B. Change the version from latest to 3.11.
C. Remove the EHTRYPOIKT instruction.
D. Ensure myapp/main.pyls owned by root.

Answer: A
Explanation:

To improve container security, the engineer should add the instruction "USER nonroot" to the
Dockerfile. This change ensures that the container does not run as the root user, which reduces the
risk of privilege escalation attacks. Running containers as a non-root user is a best practice for
enhancing security in containerized environments.
Reference: CompTIA Cloud+ content includes security concerns, measures, and concepts for cloud
operations, highlighting container security best practices such as running containers with least
privilege to mitigate security risks.

Question: 15

A company has decided to adopt a microservices architecture for its applications that are deployed to
the cloud. Which of the following is a major advantage of this type of architecture?

A. Increased security
B. Simplified communication
C. Reduced server cost
D. Rapid feature deployment

www.certsland.com
Questions & Answers PDF Page 10

Answer: D
Explanation:

A major advantage of adopting a microservices architecture is rapid feature deployment.

Microservices allow for independent development, deployment, and scaling of individual service
components, enabling teams to bring new features to market more quickly and efficiently compared
to monolithic architectures.
Reference: The CompTIA Cloud+ certification covers cloud design aspects, including architectural
models like microservices, emphasizing their role in facilitating agile development practices and
rapid feature release cycles in cloud environments.

Question: 16

A company wants to optimize cloud resources and lower the overhead caused by managing multiple
operating systems. Which of the following compute resources would be best to help to achieve this
goal?

A. VM
B. Containers
C. Remote desktops
D. Bare-metal servers

Answer: B
Explanation:

Containers are the best compute resources to optimize cloud resources and lower the overhead
caused by managing multiple operating systems. Containers encapsulate applications and their
dependencies into a single executable package, running on a shared OS kernel, which reduces the
need for separate operating systems for each application and simplifies resource management.
Reference: CompTIA Cloud+ materials discuss management and technical operations in cloud
environments, including the use of containers to improve resource utilization and operational
efficiency by minimizing the overhead associated with traditional VMs.

Question: 17

A developer is deploying a new version of a containerized application. The DevOps team wants:
• No disruption
• No performance degradation
* Cost-effective deployment
• Minimal deployment time
Which of the following is the best deployment strategy given the requirements?

A. Canary
B. In-place
C. Blue-green
D. Rolling

www.certsland.com
Questions & Answers PDF Page 11

Answer: C
Explanation:

The blue-green deployment strategy is the best given the requirements for no disruption, no
performance degradation, cost-effective deployment, and minimal deployment time. It involves
maintaining two identical production environments (blue and green), where one hosts the current
application version and the other is used to deploy the new version. Once testing on the green
environment is complete, traffic is switched from blue to green, ensuring a seamless transition with
no downtime.
Reference: Understanding various cloud deployment strategies, such as blue-green deployments, is
essential for managing cloud environments effectively, as highlighted in the CompTIA Cloud+
objectives, to ensure smooth and efficient application updates.

Question: 18

An DevOps engineer is receiving reports that users can no longer access the company's web
application after hardening of a web server. The users are receiving the following error:
ERR_SSLJ/ERSION_OR_CIPHER_MISMATCH.
Which of the following actions should the engineer take to resolve the issue?

A. Restart the web server.

B. Configure TLS 1.2 or newer.
C. Update the web server.
D. Review logs on the WAF

Answer: B
Explanation:

To resolve the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error after hardening a web server, the

engineer should configure the server to use TLS 1.2 or newer. This error often occurs when the server
or client supports an outdated version of SSL/TLS or incompatible cipher suites. Updating to a
modern, secure version of TLS ensures compatibility and enhances security.
Reference: The CompTIA Cloud+ certification includes governance, risk, compliance, and security for
the cloud, emphasizing the importance of implementing up-to-date security protocols like TLS to
protect data in transit and ensure secure communications in cloud environments.

Question: 19

A healthcare organization must follow strict compliance requirements to ensure that Pll is not leaked.
The cloud administrator needs to ensure the cloud email system can support this requirement Which
of the following should the organization enable?

A. IPS
B. OLP
C. ACL
D. WAF

www.certsland.com
Questions & Answers PDF Page 12

Answer: B
Explanation:

To ensure that Personally Identifiable Information (PII) is not leaked and to comply with strict
healthcare regulations, the organization should enable Data Loss Prevention (DLP). DLP systems are
designed to detect and prevent unauthorized access or sharing of sensitive data, making them ideal
for securing PII in cloud email systems and ensuring compliance with healthcare industry standards.
Reference: CompTIA Cloud+ content covers governance, risk, compliance, and security aspects of
cloud computing, highlighting the role of DLP in safeguarding sensitive information and maintaining
compliance in regulated industries like healthcare.

Question: 20

A cloud engineer wants to implement a monitoring solution to detect cryptojacking and other
cryptomining malware on cloud instances. Which of the following metrics would most likely be used
to identify the activity?

A. Disk I/O
B. Network packets
C. Average memory utilization
D. Percent of CPU utilization

Answer: D
Explanation:

To detect cryptojacking and other cryptomining malware on cloud instances, monitoring the percent
of CPU utilization is most effective. Cryptomining malware typically consumes a significant amount
of CPU resources for mining operations, leading to unusually high CPU usage. Monitoring and
analyzing CPU utilization metrics can help identify instances of cryptojacking by highlighting
abnormal levels of resource consumption.
Reference: Understanding management and technical operations in cloud environments, as outlined
in the CompTIA Cloud+ objectives, includes the use of monitoring solutions to detect and respond to
security threats like cryptomining malware, ensuring the integrity and performance of cloud
resources.

www.certsland.com
 Thank You for trying CV0-004 PDF Demo

https://www.certsland.com/cv0-004-dumps/

Start Your CV0-004 Preparation

[Limited Time Offer] Use Coupon " SAVE20 " for extra 20%
discount on the purchase of PDF file. Test your
CV0-004 preparation with actual exam questions

www.certsland.com