No products in the cart.
CompTIA Cloud+ (CV0-004) Version 1.0.7 Exam Questions
Page 3 of 30
41.
A cloud administrator stored a set of large binary data as a single entity in a database.
This is an example of what type of data storage?
-
Data BLOB
-
SAN backups
-
CDN
-
Volume
Correct answer: Data BLOB
A data BLOB (binary large object) is binary data stored as a single object in a database.
A SAN backup is a generic term that refers to a backup of data from a storage area network (SAN)
A content delivery network (CDN) is a data replication network typically used to improve performance by moving data like video and images closer to where it is used.
A storage volume is a logical allocation of space.
42.
A smart sensor that connects to a network and streams humidity data to a public cloud is an example of what type of technology?
-
IoT
-
CSP
-
MTU
-
MQTT
Correct answer: IoT
Internet of Things (IoT) devices are a category of network-connected (typically Internet-connected) devices that serve some primary purpose other than traditional computing. Common examples of IoT devices include "smart" sensors, cameras, lights, and other embedded systems.
A cloud service provider (CSP) provides cloud services to cloud customers.
Maximum transmission unit (MTU) is a network setting.
MQTT is a publish/subscribe style messaging protocol often used by IoT devices.
43.
You are deploying a secure cloud-based file sharing solution and need to enforce the security based on data classifications and the user's level of security clearance.
What is the BEST access control solution for this environment?
-
Mandatory access control
-
Role-based access control
-
Module-based access control
-
Discretionary-based access control
Correct answer: Mandatory access control
Mandatory access control allows the cloud administrator to implement security at the most granular level by specific cloud resource and user. For example, access rights can be defined based on data classifications and user access levels that are determined by user attributes.
Module-based access control is not a standard type of access control.
Discretionary-based access control is used to allow users to define access control rules for resources they own.
Role-based access control assigns permissions based on a user's role.
44.
Charlie is using a system's REST API. Charlie wants to create a new file on the system.
What HTTP operation is MOST likely to be required to create the file?
-
POST
-
PUT
-
GET
-
ADD
Correct answer: POST
RESTful application programming interfaces (APIs) use standard HTTP operations to allow systems to exchange and modify information.
Common HTTP operations used with RESTful APIs include:
- GET- Reads data or retrieves a resource
- POST- Creates a resource
- PUT- Modifies a resource
- DELETE- Deletes a resource
Since POST creates a new resource, it is most likely to be required if Charlie wants to create a new file.
ADD is not a standard HTTP operation.
45.
In which cloud service model does the cloud provider have the MOST responsibility for security, compliance, and liability requirements?
-
SaaS
-
PaaS
-
IaaS
-
XaaS
Correct answer: SaaS
Software as a Service (SaaS) providers are responsible for maintaining security levels for the user; the user has no way of configuring the security settings. Security, compliance, and liability requirements are all built into the SaaS application.
SaaS shifts more burden to the cloud service provider than PaaS or IaaS. The tradeoff for users is the level of control.
XaaS is a generic term that means "anything as a service" and is not a specific model.
46.
Alex, a systems administrator at Acme Inc., needs to troubleshoot why an application is not responding to HTTP POST requests from a Windows client on a different subnet.
Alex wants to begin troubleshooting by viewing the local routing table on the Windows client.
What Windows command can Alex use to view the Windows machine's local routing table?
-
route
-
tcpdump
-
traceroute
-
tracert
Correct answer: route
tcpdump is a packet capture utility that allows users to "sniff" traffic on a network interface.
traceroute (Linux) and tracert (Windows) enumerate the network "hops" between devices.
47.
You are the cloud engineer for a small company and set up the network connection between your organization and the public cloud, where your systems run. Recently, all your users have begun complaining of increasingly slower network performance at all times of the day and, in some cases, they cannot connect to the network at all.
Which cloud performance variable would you test for FIRST?
-
Bandwidth
-
RAM utilization
-
Input/output operations per second (IOPS)
-
Virtual machine allocation
Correct answer: Bandwidth
Bandwidth refers to the maximum amount of data that can be transferred throughout the network. It is bound by an organization's Internet connection and the capabilities of the network devices. In this scenario, since all employees are experiencing slow performance, and some are not even able to acquire a network connection, the first step is to determine if the overall network bandwidth/capacity can serve the user population.
RAM utilization is relevant to memory consumption, and IOPS is relevant to disk read/writes. While these may come up in troubleshooting, checking bandwidth consumption is the best first step.
Virtual machine allocation is not a descriptive enough response to be viable in this case.
48.
Which protocol and default port is used to manage the non-secure communication between a browser and an application or website running in the cloud?
-
HTTP and port 80
-
HTTP and port 443
-
HTTPS and port 80
-
SFTP and port 80
Correct answer: HTTP and port 80
HTTP defines how the communications between a browser and a web server are formatted and transmitted. Applications and websites that run in the cloud run on a web server in that cloud. HTTP's default port is 80. HTTP's communication is not secured.
HTTPS is an extension of HTTP that has additional security layered on top of it.
SFTP is used for secure file transfer and uses port 22.
49.
An organization's employees need to access the Internet from their internal devices through the company firewall.
What mechanism is used to hide the internal device IP address from the outside world?
-
Network Address Translation (NAT)
-
Port Address Masking (PAM)
-
Address Masking Translation (AMT)
-
Internet Address Masking (IAM)
Correct answer: Network Address Translation (NAT)
NAT enables private IP networks to connect to the Internet by translating the internal addresses to one public IP address. Only one address is exposed to the outside world. This provides security by effectively hiding the entire internal network behind that single address.
The other answers are distractor acronyms, not standard protocols, technologies, or techniques.
50.
In your recent migration of 1,000 servers to the cloud, your goal was to implement a consistent virtual server image using a standard template. After deploying the initial group of servers, you notice that they are all receiving the same authentication errors when you try to log in using SSH.
What would be a likely theory for the probable cause of this deployment issue?
-
Template misconfiguration
-
Network bandwidth issues
-
Licensing issues
-
Integration issues
Correct answer: Template misconfiguration
The use of the template is intended to deploy a standard image across the environment, which this example accomplished. Because all the images were receiving the same error, the logical first place to look for an incorrect configuration setting would be the template. One of the known downsides of using a template is that it can result in propagating the same flaw across the environment.
Bandwidth, licensing, and integration issues are all less likely, given the information in the question.
51.
What address space is required for a Class A private network?
-
10.0.0.0 to 10.255.255.255
-
172.16.0.0 to 172.31.255.255
-
172.16.0.0 to 172.18.255.255
-
192.0.0.0 to 192.168.0.0
Correct answer: 10.0.0.0 to 10.255.255.255
Private network address spaces are commonly used in an internal corporate network. They are not made available as public addresses. The Class A private network address space of 10.0.0.0 to 10.255.255.255 generates over 16 million addresses.
The other answers listed are related to the class B or C ranges.
52.
You have subscribed to a cloud hosting site to run your company's website and customer relationship management (CRM) software. You successfully connected to the site and deployed a simple web page. You then downloaded and installed the CRM software from the cloud marketplace. However, when you navigate to the home page of the CRM application, you get an error.
Which of the following is MOST likely to be the cause of the error, based on the information available?
-
The error is related to the CRM software
-
The error is related to the hosting site being unavailable
-
The error is related to the simple web page
-
The error is related to network connectivity
Correct answer: The error is related to the CRM software
You were able to deploy a simple web page, so network connectivity and hosting site credentials work.
The host site is also available because the simple page was available, CRM was installed, and error was displayed.
The change is the CRM software, so troubleshooting starts there.
53.
You want to prevent the data on a hard drive from being used on another system.
What technology enables a processor to authenticate a hard drive and prevent it from being used on another system?
-
TPM
-
FDE
-
PDE
-
SED
Correct answer: TPM
Trusted Platform Module (TPM) is implemented through a processor on the system motherboard that authenticates an encrypted hard drive to the system. If the hard drive has come from another system, it will not be authenticated and, therefore, cannot be used.
Full disk encryption (FDE) is the process of encrypting drives and removable storage media. With FDE, files are encrypted at rest and decrypted when they are opened (e.g., after a user logs in).
A self-encrypting drive (SED) is a drive that performs hardware disk encryption and does not keep the decryption key in memory.
Personal Data Encryption (PDE) is a Windows technology for file-level encryption.
54.
What type of storage solution would you implement for systems that require block-level access, high performance, and are in multiple data centers?
-
Storage area network (SAN)
-
Network-attached storage (NAS)
-
Network file system (NFS)
-
Network block storage (NBS)
Correct answer: Storage area network (SAN)
SANs are high-end storage solutions that provide block-level access to data and run on their own network. Therefore, systems in different data centers can access data on SANs.
A NAS uses standard TCP/IP networks for storage traffic. A NAS is typically cheaper to implement than a SAN but offers lower performance. Given the requirements in the question, SAN is a better option.
NFS is a protocol used for file sharing and is not the best option given the requirements include block-level access.
NBS is a distractor answer and is not a standard protocol.
55.
Which of the following statements about CI/CD is TRUE?
-
CD goes beyond CI
-
CI goes beyond CD
-
CI does not include testing
-
CD does not include testing
Correct answer: CD goes beyond CI
Continuous deployment (or delivery) goes beyond the continuous integration (CI) process.
CI involves building and testing software automatically. Continuous deployment takes the additional step of automatically deploying to production. Continuous delivery deploys to a preproduction environment.
56.
iproute2 combines the functionality of what two earlier Linux commands?
-
route and ifconfig
-
dig and route
-
route2 and ipconfig
-
dig and route2
Correct answer: route and ifconfig
The iproute2 command enables users to monitor and control settings related to network routes, interfaces, drivers, and traffic control. It combines functionality from the route and ifconfig commands into a single tool.
dig is a tool for querying DNS records.
ipconfig is a Windows command.
route2 is a distractor answer.
57.
What is the name of the group of stakeholders that provide input to the change manager regarding proposed Requests For Change (RFC)?
-
Change advisory board
-
Change approval committee
-
Change analysis board
-
Change stakeholder board
Correct answer: Change advisory board
A change advisory board is a collection of stakeholders who can advise on the risks and benefits of a given change and provide input to allow the change manager to make the right decision.
The other answers are distractor answers.
58.
A DevOps engineer mounts a volume for a Docker container. How much of the volume will be allocated to the container?
-
The entire logical disk
-
A specific file
-
A specific folder without subfolders
-
A specific folder with subfolders
Correct answer: The entire logical disk
Mounting a volume to a Docker container or other container allocates the entire logical disk to the container, not just a specific file, folder(s), or subfolder(s).
59.
Who is responsible for dynamic resource allocation using a PaaS model?
-
Cloud provider
-
Customer
-
End user
-
SOC
Correct answer: Cloud provider
In both the platform as a service (PaaS) and software as a service (SaaS) models, the cloud provider is responsible for dynamic resource allocation.
Customers or end users are not responsible for dynamic resource allocation with PaaS and SaaS because the service provider handles it.
A security operations center (SOC) is responsible for responding to security incidents and other cybersecurity-related activity.
60.
A video streaming service uses an algorithm to suggest videos you may like based on your previous viewing patterns. The suggestions update over time based on the videos you view and "like."
This is MOST likely an implementation of what type of technology?
-
ML
-
MTU
-
REST
-
Serverless
Correct answer: ML
Suggestion algorithms are a common use case for machine learning (ML).
MTU is a network setting.
REST is a standard pattern for creating and using APIs.
Serverless computing is a form of computing where all the underlying resources are abstracted away from the consumer and functions are executed ad-hoc.