×

Quiz Session - Attempts With Random Questions

CompTIA Cloud+ (CV0-004) Version 1.0.7 Exam Questions

Page 10 of 30

181.

You have a large storage area network and wish to associate and configure certain storage devices to specific servers. 

What specific SAN approach and technology would you use to accomplish this?

  • Zoning

  • Segmenting

  • SAN masking

  • Striping

Correct answer: Zoning

Zoning creates specific associations between servers and storage devices and allows the storage administrator to isolate parts of the storage area network. This is usually done for performance or security reasons.

SAN masking is a distractor term based on LUN masking. 

Striping is a RAID technique. 

Segmenting is a general term that can describe a variety of logical isolation techniques.

182.

What is a release that contains multiple patches into a single update?

  • Rollup

  • Hotfix

  • Superpatch

  • QFE

Correct answer: Rollup

A rollup release combines multiple patches from a related category into a single update. 

A hotfix is a targeted fix for a critical issue. 

A quick fix engineering (QFE) update is another term for a hotfix. 

Superpatch is a distractor term.

183.

What type of encryption requires a single user to have two keys?

  • Asymmetric

  • Symmetric

  • Dual

  • Stream

Correct answer: Asymmetric

Asymmetric encryption requires users to have a public and a private key. 

Symmetric encryption requires one key. 

Dual encryption is not a standard encryption type.

Stream ciphers are a type of symmetric encryption.

184.

Geographical dispersion is a cloud architecture and design approach that is intended to mitigate and lower what aspect of an organization's cloud deployment?

  • Risk

  • Budget

  • Operational stability

  • Scalability

Correct answer: Risk

Single points of failure or concentration of assets close to each other can create risk for an organization. Geographical dispersion reduces risk by lowering the impact of an outage or failure on an entire base of users and employees.

Geographical distribution enables techniques such as spreading workloads across multiple availability zones (AZs) and fault tolerance in the event a single region goes offline. Therefore, it is typically more expensive (so it does not lower budget) and improves reliability (so it does not lower operational stability). 

Geographical distribution can improve (not lower) overall scalability.

185.

Alex received an email from Cruz. Cruz digitally signed the email. 

How can Alex verify the digital signature on Cruz's email?

  • Using Cruz's public key

  • Using Cruz's private key

  • Using Alex's private key

  • Using Alex's public key

Correct answer: Using Cruz's public key

The recipient of a message that has been digitally signed must have the sender's public key to verify the party that the message came from and that the digital signature is valid. In this case, that means Cruz's public key is required.

186.

You are provisioning a virtual network. The requirements are:

  1.  Have space for 500 hosts
  2. Minimize the amount of unused addresses beyond the 500 hosts

What size CIDR block should you give this network?

  • /23

  • /16

  • /8

  • /15

Correct answer: /23

A /23 CIDR network would allow for 510 hosts. 

All the other options would allow significantly more hosts and not meet requirement #2 to minimize the amount of unused addresses.

187.

What report was created so organizations can have a marketing-focused, non-technical summary of a SOC 2 report?

  • SOC 3

  • SOC 2.1

  • SOC M

  • SOC NT

Correct answer: SOC 3

Service Organization Controls 3 (SOC 3) is a report for public disclosure that provides details on financial controls and security. SOC 3 reports were created to provide a marketing-oriented, non-technical summary of SOC 2 reports. 

While there are SOC 2 type 1 and type 2 reports, the other answers are not standard SOC reports.

188.

AI models that support fraud detection use cases often use what type of learning model?

  • Unsupervised

  • Serverless

  • Deterministic

  • Anomaly

Correct answer: Unsupervised

Artificial intelligence (AI) models for fraud detection use cases often use an unsupervised learning model. 

Fraud detection systems detect anomalies, but "anomaly," serverless, and deterministic, are not AI learning models.

189.

What type of packet inspection considers whether a session related to a packet exists before it will accept the packet?

  • Stateful

  • Stateless

  • HIDS

  • XSS

Correct answer: Stateful

Stateful packet inspection considers whether a session exists before accepting a packet. Stateless packet inspection does not consider whether a session exists. 

HIDS (host intrusion detection system) is a type of security tool. 

Cross-site scripting (XSS) is a type of web application attack.

190.

Acme Inc. provides a PaaS database service to Users R Us LLC. Using the shared responsibility model, who is responsible for the hypervisors running the service?

  • Acme Inc.

  • Users R Us LCC

  • CASB

  • Consumer

Correct answer: Acme Inc.

In this case, User R Us LLC is the consumer. Acme Inc. is the cloud service provider (CSP). 

In the shared responsibility model, CSPs are responsible for the underlying hypervisor for SaaS, PaaS, and IaaS service models. 

A cloud access security broker (CASB) is a cloud security solution for access policy enforcement.

191.

Acme Inc. is planning to deploy HIDS throughout their network. Where will they install the HIDS agents?

  • Endpoints

  • Routers

  • Load balancers

  • Storage blocks

Correct answer: Endpoints

A host-based intrusion detection system (HIDS) monitors and analyzes traffic and activity for endpoint systems within a network. Examples include workstations and virtual machines. 

Select routers and load balancers could run a HIDS (for example, Linux appliances running WAZUH). However, endpoints like servers and workstations are more commonly associated with HIDS, making these two answers less applicable than endpoints. 

Storage blocks are used to store data and are not directly associated with running a HIDS agent.

192.

You suspect that your network is having issues and would like to do an nslookup test. 

Nslookup is BEST categorized as what type of tool?

  • DNS

  • High availability

  • Packet capture

  • Packet lookup

Correct answer: DNS

Nslookup tools perform DNS queries to resolve names to IP addresses and troubleshoot issues related to DNS.

Nslookup does not directly relate to high availability. 

Packet capture tools, like Wireshark and tcpdump, capture network traffic from an interface and allow users to view and filter through the traffic. 

Packet lookup is a distractor answer.

193.

What type of testing can be used to emulate system use before and after upgrade takes place to learn about the impact of the upgrade on performance?

  • Load testing

  • Feature testing

  • Unit testing

  • Acceptance testing

Correct answer: Load testing

Load testing executes operations that emulate user workloads at different levels of utilization. This can help determine the impact of an upgrade on system performance.

Feature testing focuses on testing a specific feature.

Unit testing is typically performed by developers on chunks (units) of code. 

Acceptance testing is associated with a user group or other entity performing tests to accept or reject a release.

194.

Which of the following is a prerequisite for detecting an anomaly with cloud infrastructure?

  • Baseline

  • Syslog

  • IaC

  • CPU monitoring

Correct answer: Baseline

Anomalies represent a deviation from a baseline value. Therefore, without a baseline, you cannot have an anomaly. 

Syslog is a logging protocol. While it could be used to detect some anomalies, it is not a requirement. 

CPU monitoring is required for detecting CPU anomalies, but there are other types of cloud infrastructure anomalies (e.g., RAM, I/O, network utilization, etc.) that do not require CPU monitoring. 

Infrastructure as code (IaC) is an approach to maintaining infrastructure configuration like source code.

195.

Acme Inc. is just beginning to use cloud computing. They want their first project to be the cloud service model that places the least responsibility on the consumer.

Which cloud service model is BEST for these requirements?

  • SaaS

  • DBaaS

  • PaaS

  • IaaS

Correct answer: SaaS

Using the shared responsibility model and comparing SaaS, PaaS, DBaaS (a type of PaaS), and IaaS, SaaS places the least amount of responsibility on the consumer.

196.

Assuming a full backup is available but not up to date, how many backups are needed to restore from an incremental backup?

  • At least 2

  • Exactly 2

  • Exactly 3

  • At least 3

Correct answer: At least 2

When using incremental backups, the last full backup and all incremental backups since the full backup are required for restoration. Therefore, "at least 2" is the correct answer.

197.

What type of firewall would you set up to specifically inspect and intercept traffic for potential web application attacks?

  • WAF

  • NAT

  • PAT

  • DMZ

Correct answer: WAF

A web application firewall (WAF) is a specific type of firewall that filters, monitors, and blocks HTTP traffic and actively monitors for cross-site scripting and SQL injections, which are common web application attacks.

Network address translation (NAT) and port address translation (PAT) are used to map internal and external IP addresses. 

A demilitarized zone (DMZ) is a specific type of network segment that sits between a trusted network and the public Internet.

198.

Acme Inc. wants to have most of the benefits of a dedicated private cloud, but use public cloud infrastructure. 

Which cloud model is the BEST fit for this scenario?

  • Cloud within a cloud

  • Community cloud

  • Hybrid cloud

  • SaaS

Correct answer: Cloud within a cloud

The cloud within a cloud model enables organizations to have the flexibility a private cloud offers while using a public cloud provider's infrastructure. This provides the organization with a dedicated set of resources without the need for an on-premises server often required for a private cloud. 

A community cloud is a cloud used by multiple organizations with a shared interest and similar requirements.

A hybrid cloud is a mix of public and private cloud usage. The reason hybrid cloud is not correct in this case is that a hybrid cloud does not necessarily mean that dedicated resources will be provisioned for the customer. 

SaaS offers application access in a cloud service model.

199.

Alex is debugging an issue related to software installed on a virtual machine. The application is displaying an error message when certain input is provided to a form. 

Which log type is MOST likely to have relevant information?

  • Application

  • Security

  • Setup

  • System

Correct answer: Application

Common log types include:

  • Application- Contains logs relevant to drivers and applications on a system.
  • Security- Contains information on authentication and privilege escalation attempts. May also contain audited events. 
  • Setup- Contains information on system patches applied to the system. 
  • System log- Contains operating system messages and information about services that have launched or been terminated. 

200.

How can BYOL help an organization control costs?

  • By allowing transfer of software licenses

  • By reducing bandwidth consumption during cloud migrations

  • By reducing bandwidth consumption during cloud runtime

  • By compressing binary files on disk

Correct answer: By allowing transfer of software licenses

Bring your own license (BYOL) allows organizations to transfer software licenses to a cloud platform. 

It does not directly help with bandwidth consumption or data compression for files on disk.

×