CompTIA CompTIA Certifications CV0-003 Questions & Answers

• Question 361:

  A systems administrator is configuring a cloud solution for a vulnerability assessment to test the company's resources that are hosted in a public cloud. The solution must test the company's resources from an external user's perspective. Which of the following should the systems administrator configure?

  A. An agent-based scan

  B. A network-based scan

  C. A port scan

  D. A credentialed scan

  Correct Answer: B

  Explanation: A network-based scan is a type of vulnerability assessment that tests the security of a system or a network from an external user's perspective, without requiring any software or credentials on the target. A network-based scan can identify vulnerabilities such as open ports, misconfigured firewalls, outdated software, or exposed services .

• Question 362:

  A systems administrator is planning to migrate to a cloud solution with volume-based licensing. Which of the following is most important when considering licensing costs?

  A. The number of cores

  B. The number of threads

  C. The number of machines

  D. The number of sockets

  Correct Answer: C

  Explanation: Volume-based licensing is a model where the cost of the software is based on the number of licenses purchased1. This model is commonly used for software that is installed on a specific number of devices, such as antivirus software or office productivity suites1. Therefore, the number of machines is the most important factor when considering licensing costs in this model. References: CompTIA Cloud+ CV0-003 Exam Objectives, Objective 1.2: Given a scenario, compare and contrast various cloud service models ; Cloud+ V0-003: CompTIA Cloud+ Licensing Models1

• Question 363:

  A cloud solutions architect has an environment that must only be accessed during work hours. Which of the following processes should be automated to BEST reduce cost?

  A. Scaling of the environment after work hours

  B. Implementing access control after work hours

  C. Shutting down the environment after work hours

  D. Blocking external access to the environment after work hours

  Correct Answer: C

  One of the main benefits of cloud computing is that you only pay for the resources that you use. However, this also means that you need to manage your cloud resources efficiently and avoid paying for idle or unused resources1. Shutting down the environment after work hours is a process that can be automated to best reduce cost in a cloud environment that must only be accessed during work hours. This process involves stopping or terminating the cloud resources, such as virtual machines, databases, load balancers, etc., that are not needed outside of the work hours. This can significantly reduce the cloud bill by avoiding charges for compute, storage, network, and other services that are not in use2. The other options are not the best processes to automate to reduce cost in this scenario: Option A: Scaling of the environment after work hours. Scaling is a process that involves adjusting the number or size of cloud resources to match the demand or workload. Scaling can be done manually or automatically using triggers or policies. Scaling can help optimize the performance and availability of a cloud environment, but it does not necessarily reduce the cost. Scaling down the environment after work hours may reduce some costs, but it may still incur charges for the remaining resources. Scaling up the environment before work hours may increase the cost and also introduce delays or errors in provisioning new resources3. Option B: Implementing access control after work hours. Access control is a process that involves defining and enforcing rules and policies for who can access what resources in a cloud environment. Access control can help improve the security and compliance of a cloud environment, but it does not directly affect the cost. Implementing access control after work hours may prevent unauthorized access to the environment, but it does not stop or terminate the resources that are still running and consuming cloud services4. Option D: Blocking external access to the environment after work hours. Blocking external access is a process that involves restricting or denying network traffic from outside sources to a cloud environment. Blocking external access can help protect the environment from potential attacks or breaches, but it does not impact the cost. Blocking external access after work hours may prevent unwanted requests or connections to the environment, but it does not shut down or release the resources that are still active and generating cloud charges.

• Question 364:

  A company has a web application running in an on-premises environment that needs to be migrated to the cloud. The company wants to implement a solution that maximizes scalability, availability, and security, while requiring no infrastructure administration. Which of the following services would be BEST to meet this goal?

  A. A PaaS solution

  B. A hybrid solution

  C. An laaS solution

  D. A SaaS solution

  Correct Answer: A

  Explanation: A PaaS solution, or platform as a service, is a cloud computing service that provides a complete, ready-to-use, cloud-hosted platform for developing, running, maintaining and managing applications1. A PaaS solution would meet the company's goal of maximizing scalability, availability, and security, while requiring no infrastructure administration, because: Scalability: A PaaS solution can automatically scale up or down the resources needed to run the application based on the demand and traffic. The company does not need to worry about provisioning or managing servers, storage, network, or load balancers23. Availability: A PaaS solution can ensure high availability and reliability of the application by replicating it across multiple regions and zones. The company does not need to worry about backup, recovery, or failover23. Security: A PaaS solution can provide built-in security features such as encryption, authentication, authorization, and firewall. The company does not need to worry about installing or updating security patches or software23. No infrastructure administration: A PaaS solution can abstract away the underlying infrastructure and hardware from the company. The company only needs to focus on developing and deploying the application code and data. The PaaS provider takes care of the rest23. A hybrid solution (B) is a cloud computing service that combines on-premises and cloud resources. It may offer some benefits such as flexibility and cost optimization, but it would not meet the company's goal of requiring no infrastructure administration. The company would still need to manage and maintain the on-premises part of the solution4. An IaaS solution ? or infrastructure as a service, is a

• Question 365:

  Which of the following provides groups of compute units that can horizontally scale according to a workload?

  A. Orchestrated container environment

  B. Cloud-reserved instances

  C. Autoscaling

  D. Cloud bursting

  Correct Answer: C

  Explanation: Autoscaling is a feature that allows groups of compute units to horizontally scale according to a workload or predefined rules. Autoscaling can increase or decrease the number of compute units dynamically based on metrics such as CPU utilization, memory usage, network traffic, or user demand. Autoscaling can improve performance, availability, and cost-efficiency of cloud applications. References: [CompTIA Cloud+ Study Guide], page 75.

• Question 366:

  A technician deployed a VM with NL-SAS storage to host a critical application. Two weeks later, users have begun to report high application latency. Which of the following is the best action to correct the latency issue?

  A. Increase the capacity of the data storage.

  B. Migrate the data to SAS storage.

  C. Increase the CPU of the VM.

  D. Migrate the data to flash storage.

  Correct Answer: D

  

  Explanation: Flash memory Explore One possible answer is:

  D. Migrate the data to flash storage.

  Flash storage is a type of solid-state storage technology that uses flash memory chips to store data. Flash storage has several advantages over NL-SAS storage, which is a hybrid of SATA and SAS technologies that uses spinning disks to

  store data. Flash storage can provide much faster performance, lower latency, higher reliability, and lower power consumption than NL-SAS storage12. Therefore, migrating the data to flash storage can help correct the latency issue for the

  critical application. However, flash storage may also be more expensive and have lower capacity than NL-SAS storage, so these factors should also be considered before making the migration decision12.

• Question 367:

  A cloud engineer is deploying a server in a cloud platform. The engineer reviews a security scan report. Which of the following recommended services should be disabled? (Select TWO).

  A. Telnet

  B. FTP

  C. Remote login

  D. DNS

  E. DHCP

  F. LDAP

  Correct Answer: AB

  Telnet and FTP are two services that should be disabled on a cloud server because they are insecure and vulnerable to attacks. Telnet and FTP use plain text to transmit data over the network, which means that anyone who can intercept the traffic can read or modify the data, including usernames, passwords, commands, files, etc. This can lead to data breaches, unauthorized access, or malicious actions on the server1. Instead of Telnet and FTP, more secure alternatives should be used, such as SSH (Secure Shell) and SFTP (Secure File Transfer Protocol). SSH and SFTP use encryption to protect the data in transit and provide authentication and integrity checks for the communication. SSH and SFTP can prevent eavesdropping, tampering, or spoofing of the data and ensure the confidentiality and privacy of the server2. The other options are not services that should be disabled on a cloud server: Option C: Remote login. Remote login is a service that allows users to access a remote server from another location using a network connection. Remote login can be useful for managing, configuring, or troubleshooting a cloud server without having to physically access it. Remote login can be secured by using encryption, authentication, authorization, and logging mechanisms3. Option D: DNS (Domain Name System). DNS is a service that translates human- friendly domain names into IP addresses that can be used to communicate over the Internet. DNS is essential for resolving the names of the cloud resources and services that are hosted on the cloud platform. DNS can be secured by using DNSSEC (DNS Security Extensions), which add digital signatures to DNS records to verify their authenticity and integrity. Option E: DHCP (Dynamic Host Configuration Protocol). DHCP is a service that assigns IP addresses and other network configuration parameters to devices on a network. DHCP can simplify the management of IP addresses and avoid conflicts or errors in the network. DHCP can be secured by using DHCP snooping, which filters out unauthorized DHCP messages and prevents rogue DHCP servers from assigning IP addresses. Option F: LDAP (Lightweight Directory Access Protocol). LDAP is a service that stores and organizes information about users, devices, and resources on a network. LDAP can provide identity management and access control for the cloud environment. LDAP can be secured by using LDAPS (LDAP over SSL/TLS), which encrypts the LDAP traffic and provides authentication and integrity checks.

• Question 368:

  A company would like to move all its on-premises platforms to the cloud. The company has enough skilled Linux and web-server engineers but only a couple of skilled database administrators. It also has little expertise in managing email services. Which of the following solutions would BEST match the skill sets of available personnel?

  A. Run the web servers in PaaS, and run the databases and email in SaaS.

  B. Run the web servers, databases, and email in SaaS.

  C. Run the web servers in laaS, the databases in PaaS, and the email in SaaS.

  D. Run the web servers, databases, and email in laaS.

  Correct Answer: C

  To answer this question, we need to understand the different types of cloud computing models and how they suit the skill sets of the available personnel. According to Google Cloud, there are three main models for cloud computing: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). Each model provides different levels of control, flexibility, and management over the cloud resources and services1. IaaS: This model provides access to networking features, computers (virtual or on dedicated hardware), and data storage space. It gives the highest level of flexibility and management control over the IT resources and is most similar to existing IT resources that many IT departments and developers are familiar with2. PaaS: This model provides a complete cloud platform for developing, running, and managing applications without the cost, complexity, and inflexibility of building and maintaining the underlying infrastructure. It removes the need for organizations to manage the hardware and operating systems and allows them to focus on the deployment and management of their applications2. SaaS: This model provides a completed product that is run and managed by the service provider. It does not require any installation, maintenance, or configuration by the customers. It is typically used for end-user applications that are accessed through a web browser or a mobile app2. Based on these definitions, we can evaluate each option: Option A: Run the web servers in PaaS, and run the databases and email in SaaS. This option is not the best match for the skill sets of the available personnel because it does not leverage their expertise in Linux and web-server engineering. Running the web servers in PaaS means that they will have less control and customization over the web server environment and will have to rely on the service provider's platform features. Running the databases and email in SaaS means that they will not need any database administration or email management skills, but they will also have less flexibility and security over their data and communication. Option B: Run the web servers, databases, and email in SaaS. This option is not a good match for the skill sets of the available personnel because it does not utilize their skills at all. Running everything in SaaS means that they will have no control or responsibility over any aspect of their cloud environment and will have to depend entirely on the service provider's products. This option may be suitable for some small businesses or non-technical users who do not have any IT skills or resources, but not for a company that has skilled Linux and web-server engineers. Option C: Run the web servers in IaaS, the databases in PaaS, and the email in SaaS. This option is the best match for the skill sets of the available personnel because it balances their strengths and weaknesses. Running the web servers in IaaS means that they can use their Linux and web-server engineering skills to configure, manage, and optimize their web server infrastructure according to their needs. Running the databases in PaaS means that they can leverage the service provider's platform features to simplify their database development and administration tasks without having to worry about the underlying hardware and operating systems. Running the email in SaaS means that they can outsource their email services to a reliable and secure service provider without having to invest in or manage their own email infrastructure. Option D: Run the web servers, databases, and email in IaaS. This option is not a good match for the skill sets of the available personnel because it puts too much burden on them. Running everything in IaaS means that they will have to handle all aspects of their cloud environment, including networking, computing, storage, security, backup, scaling, patching, etc. This option may be suitable for some large enterprises or highly technical users who have full control and customization over their cloud environment, but not for a company that has only a couple of skilled database administrators and little expertise in managing email services. Therefore, option C is the correct answer.

• Question 369:

  A systems administrator deployed a new web application in a public cloud and would like to test it, but the company's network firewall is only allowing outside connections to the cloud provider network using TCP port 22. While waiting for the network administrator to open the required ports, which of the following actions should the systems administrator take to test the new application? (Select two).

  A. Create an IPSec tunnel.

  B. Create a VPN tunnel.

  C. Open a browser using the default gateway IP address.

  D. Open a browser using the localhost IP address.

  E. Create a GRE tunnel.

  F. Create a SSH tunnel.

  Correct Answer: BF

  Explanation: To test the new web application in the public cloud, the systems administrator should create a replica database, synchronize the data, and switch to the new instance, and create a SSH tunnel. Creating a replica database can help minimize the downtime and ensure data consistency during the migration. Synchronizing the data can help keep the replica database up to date with the original database. Switching to the new instance can help activate the new web application in the public cloud. Creating a SSH tunnel can help bypass the network firewall and access the web application using TCP port

  22. SSH is a secure protocol that can create encrypted tunnels between the local and remote hosts. By creating a SSH tunnel, the systems administrator can forward the web application traffic through the tunnel and test it using a web

  browser. References:

  [CompTIA Cloud+ CV0-003 Certification Study Guide], Chapter 7, Objective 7.1: Given a scenario, migrate applications and data to the cloud.

• Question 370:

  A cloud administrator is having difficulty correlating logs for multiple servers. Upon inspection, the administrator finds that the time-zone settings are mismatched throughout the deployment. Which of the following solutions can help maintain time synchronization between all the resources?

  A. DNS

  B. IPAM

  C. NTP

  D. SNMP

  Correct Answer: C

  Explanation: The correct answer is C. NTP.

  NTP stands for Network Time Protocol, which is a standard protocol for synchronizing the clocks of computers over a network. NTP uses a hierarchical, client-server architecture, where a client requests the current time from a server, and the server responds with a timestamp. The client then adjusts its own clock to match the server's time, taking into account the network delay and clock drift. NTP can achieve sub-millisecond accuracy over local area networks and a few milliseconds over the internet12. NTP can help maintain time synchronization between all the resources in a distributed cloud environment, as it allows each resource to get the accurate time from a reliable source. This can help with correlating logs, auditing, security, and other time-sensitive operations. NTP can also handle different time zones, as it uses Coordinated Universal Time (UTC) as the reference time, and each resource can convert UTC to its local time zone12. DNS stands for Domain Name System, which is a protocol for resolving domain names into IP addresses. DNS does not provide any functionality for time synchronization3. IPAM stands for IP Address Management, which is a method for planning, tracking, and managing the IP address space used in a network. IPAM does not provide any functionality for time synchronization. SNMP stands for Simple Network Management Protocol, which is a protocol for collecting and organizing information about managed devices on a network. SNMP can be used to monitor the performance, availability, configuration, and security of network devices, but it does not provide any functionality for time synchronization.