×

Quiz Session - Attempts With Random Questions

CompTIA Cloud+ (CV0-004) Version 2.0.1 Exam Questions

Page 3 of 30

41.

Acme Inc. hires you as a cloud engineer. Your first project requires you to vertically scale a database server in the cloud. 

Which of the following would BEST achieve the task?

  • Add resources to the existing database server

  • Create a second database server without a load balancer

  • Create a second database server with a load balancer

  • Create 3 new database servers to increase redundancy and future-proof the system

Correct answer: Add resources to the existing database server

Vertical scaling is achieved by adding additional resources to a server(s) in a system. Of the answers listed, only "Add resources to the existing database server" is an example of vertical scaling. 

Horizontal scaling is achieved by adding additional servers to a system.

42.

Which of the following levels of service availability offers the MOST uptime?

  • Five nines

  • Four nines

  • 99.9%

  • 90.999%

Correct answer: Five nines

Five nines is a common term that means 99.999% availability. 

Similarly, four nines represents 99.99% availability. 

99.9% and 90.999% are both lower levels of service availability.

43.

Acme Inc. wants to use their Microsoft Active Directory services for user authentication in their on-premise and public cloud resources. 

What process or technology will enable them to meet this requirement?

  • Federation

  • AAA

  • RBAC

  • ABAC

Correct answer: Federation

Federation allows third-party systems to be used for authentication. A common use case is using a single identity service, such as Microsoft Active Directory, for on-premise and cloud authentication. 

AAA is an access control framework. 

RBAC and ABAC are specific access control techniques that enforce policies based on roles (RBAC) or attributes (ABAC).

44.

You have successfully completed your plan of action for addressing reported system issues. You discovered during troubleshooting and remediation that users have full access to all system modules regardless of their role in the organization and that the issue was triggered by a user who should not have had authorization for certain features.

After verifying full system functionality, what control mechanism would you recommend putting in place to help prevent the problem from occurring again?

  • Change permissions

  • Retrain the users

  • Place physical controls on the system

  • Update system configurations

Correct answer: Change permissions

In this case, permission settings were incorrect. Therefore, the most relevant action to take is changing the permissions to reduce the level of access for the user that should not have been authorized to begin with.

45.

Your organization recently configured long-distance replication of a key ERP system to a secondary site 1,000 miles away, which caused a network latency issue for the ERP users. During troubleshooting, you identified the cause and applied a plan of action to resolve the problem. 

Before closing out this issue, how would you verify that the ERP system is meeting performance requirements?

  • Verify that ERP service level agreements are being met

  • Verify that the replication process still works

  • Verify that replication service level agreements are being met

  • Verify that the ERP system users have the correct access permissions

Correct answer: Verify that ERP service level agreements are being met

Transactional business-critical systems like ERP have performance and response time service level agreements (SLAs) associated with them. The question calling out ERP performance requirements is the key indicator that SLAs are relevant here.

The other steps are useful verification points, but ultimately, the SLAs are what matter most for the performance requirements.

46.

An organization's employees need to access the Internet from their internal devices through the company firewall. 

What mechanism is used to hide the internal device IP address from the outside world?

  • Network Address Translation (NAT)

  • Port Address Masking (PAM)

  • Address Masking Translation (AMT)

  • Internet Address Masking (IAM)

Correct answer: Network Address Translation (NAT)

NAT enables private IP networks to connect to the Internet by translating the internal addresses to one public IP address. Only one address is exposed to the outside world. This provides security by effectively hiding the entire internal network behind that single address.

The other answers are distractor acronyms, not standard protocols, technologies, or techniques.

47.

Acme Inc. is planning to deploy HIDS throughout their network. Where will they install the HIDS agents?

  • Endpoints

  • Routers

  • Load balancers

  • Storage blocks

Correct answer: Endpoints

A host-based intrusion detection system (HIDS) monitors and analyzes traffic and activity for endpoint systems within a network. Examples include workstations and virtual machines. 

Select routers and load balancers could run a HIDS (for example, Linux appliances running WAZUH). However, endpoints like servers and workstations are more commonly associated with HIDS, making these two answers less applicable than endpoints. 

Storage blocks are used to store data and are not directly associated with running a HIDS agent.

48.

You wish to monitor resources in order to understand which users consume which resources and for how long, in order to allocate costs back to departments so that they pay for their share of compute resource usage. 

What is this policy called?

  • Chargeback

  • Show back

  • Cost split

  • Cost share

Correct answer: Chargeback

Instead of simply charging all IT costs to one central department, an organization charges costs to individual users or departments. This is known as a chargeback.

Show back, cost split, and cost share are distractor answers.

49.

You are supporting a global application in the cloud that is accessed by employees across 20 countries. The application has a service level agreement (SLA) mandating a user response time of less than one second. Results of a recent connectivity test show that all users were able to access the application; however, users in three countries experienced average response times of five to ten seconds. 

Would this be considered a successful connectivity test?

  • No, because successful connectivity also means latency objectives must be met, especially if there are SLAs.

  • Yes, because all users were able to connect to the application successfully.

  • Yes, because the majority of users were able to connect to the application and experienced a good response time.

  • Yes, because the organization did not experience any downtime.

Correct answer: No, because successful connectivity also means latency objectives must be met, especially if there are SLAs.

Connectivity to a cloud service is defined as both the physical connection to cloud resources and acceptable latency (delay). Slow cloud performance due to connectivity issues can have business impacts on organizations. In this example, there was a published SLA for a sub-second response time. Because a population of users did not experience sub-second response times, this would be considered an unsuccessful connectivity test.

50.

Which of the following is likely to introduce the LEAST amount of changes during an update?

  • Hotfix

  • Service pack

  • Rollup

  • Major version update

Correct answer: Hotfix

A hotfix is a targeted fix for a critical issue. A quick fix engineering (QFE) update is another term for a hotfix.  Because these fixes are targeted, they typically introduce fewer changes than rollups, service packs, and major version updates, all of which typically include multiple changes.

51.

Terraform and Ansible are examples of what type of platform?

  • Orchestration

  • Community

  • Monitoring

  • Observability

Correct answer: Orchestration 

Terraform and Ansible are both orchestration platforms. Orchestration platforms are tools for automating the resource and infrastructure management.

52.

Your organization uses Salesforce to manage its customer contacts and Office 365 to send emails to those contacts. Both are Software as a Service (SaaS) applications, and they communicate with each other through an API.

What category of issues BEST describes problems that may arise related to how these two platforms communicate with one another? 

  • Integration

  • Capacity

  • Time synchronization

  • Licensing

Correct answer: Integration

SaaS vendors often integrate with each other through APIs. They publish detailed documentation that specifies how to set the integration up. Since SaaS providers deliver a high level of service operations, problems usually arise in the integration layer. 

Issues related to the SalesForce and Office365 communications described in the question would be categorized as integration issues.

53.

Which of the following is an example of increased read/write storage speed?

  • IOPS increasing from 60 to 80

  • Threads decreasing from 10 to 1

  • Disk utilization increasing from 40% to 90%

  • RAM increasing from 8GB to 16GB

Correct answer: IOPS increasing from 60 to 80

Input/output operations per second (IOPS) is a measurement of reads or writes from storage per second. Higher IOPS numbers indicate increased read/write storage speed. 

Threads are related to CPUs, not storage. 

Disk utilization increasing from 40% to 90% would not necessarily increase read/write storage speed.

RAM is memory, not storage. Increasing RAM would not directly increase read/write storage speed, although it can improve performance and may indirectly influence IOPS numbers.

54.

In the systems design phase, capacity requirements are gathered and built into the system configuration specifications. 

What is the initial capacity configuration called?

  • Baseline

  • Presumptive

  • Discrete

  • Initial

Correct answer: Baseline

Baseline capacity is considered to be a measuring stick against which demand is monitored, and future demand is forecasted.

Presumptive, discrete, and initial are distractor answers.

55.

Acme Inc. follows standard practices for encryption at rest and encrypts data at rest on a server that uses solid-state drives (SSDs) and has 128 GB of RAM.

When would the data on the server be encrypted?

  • Before it is written to the SSD

  • Before it is written to RAM

  • After it is written to the SSD

  • After it is written to RAM

Correct answer: Before it is written to the SSD

Data at rest is encrypted before it is written to storage. SSDs and hard drive disks (HDDs) are examples of storage. 
 

RAM is memory, not storage.

56.

You anticipate that your system storage needs are going to grow quickly and would like to make sure you have all the storage you need upfront. 

What type of storage provisioning model should you use?

  • Thick provisioning

  • Thin provisioning

  • Virtual provisioning

  • Reallocated provisioning

Correct answer: Thick provisioning

Thick provisioning allocates all storage capacity at creation. This means that the storage availability is guaranteed, it will be on the same continuous disk, and cannot be claimed by another system.

Thin provisioning allocates storage as needed. 

The requirements here are best suited for thick provisioning. 

Virtual and reallocated provisioning are distractor answers.

57.

Which intrusion system sends alerts and logs suspicious traffic, but does NOT take action to block or contain a potential attack?

  • IDS

  • IPS

  • KMS

  • LMS

Correct answer: IDS

An intrusion detection system (IDS) analyzes network traffic for signatures that match known cyber attacks. If the IDS identifies such an event, it notifies both the network and the security monitoring framework. It does not attempt to block or contain potential attacks. 

An intrusion prevention system (IPS) is similar but does take action to block potential attacks. 

A key management system (KMS) is used to manage cryptographic keys. 

A learning management system (LMS) is used to organize and share educational information within an organization. 

58.

Acme Cloud LLC. provides consumers with subscription-based access to virtual machines over the public internet. Acme Cloud LLC. is responsible for all physical infrastructure and hypervisors. Consumers are solely responsible for installing an operating system on the virtual machines and maintaining the database and application layers. 

This is an example of which cloud service model?

  • IaaS

  • PaaS

  • Public

  • Hybrid 

Correct answer: IaaS

In the infrastructure as a service (IaaS) model, cloud service providers are responsible for physical infrastructure and hypervisors, while consumers are responsible for the operating systems on "up" to the databases and applications. 

In PaaS models, customers typically aren't solely responsible for the operating system.

Public and hybrid are cloud deployment models, not service models.

59.

A DevOps engineer wants to allocate an entire logical disk to a Docker container. 

What should the DevOps engineer use to allocate the storage to the container?

  • Volume

  • Bind point

  • OCI specification

  • RDP

Correct answer: Volume

Mounting a volume to a Docker container allocates the entire logical disk. 

Bind points are used to allocate specific directory trees to a Docker container or other container. 

RDP is a remote access protocol.

OCI specification is a distractor answer. There are OCI specifications for container runtimes and formatting.

60.

In earlier versions of Linux, the route command and the ifconfig command were used together to connect devices to a network and define routes between them. 

What command replaced these two in later versions of Linux?

  • iproute2

  • ipconfig

  • Route66

  • ping

Correct answer: iproute2

iproute2 is a Linux command for controlling and monitoring various aspects of networking, such as routing, network interfaces, tunnels, traffic control, and network drivers. It replaces some functionality that used to require ifconfig and route. 

ipconfig is a Windows command. 

Route66 is a distractor answer. 

ping is a command used to check network connectivity.

×