CompTIA CV0-004 Online Practice Questions and Exam Preparation

CompTIA CV0-004 Online Questions & Answers

• Question 211:

  A cloud engineer is reviewing the following Dockerfile to deploy a Python web application:

  

  Which of the following changes should the engineer make lo the file to improve container security?

  A. Add the instruction "JSER nonroot.
  B. Change the version from latest to 3.11.
  C. Remove the EHTRYPOIKT instruction.
  D. Ensure myapp/main.pyls owned by root.
  A. Add the instruction "JSER nonroot.

  ---

  Explanation

  To improve container security, the engineer should add the instruction "USER nonroot" to the Dockerfile. This change ensures that the container does not run as the root user, which reduces the risk of privilege escalation attacks. Running containers as a non-root user is a best practice for enhancing security in containerized environments.

  References: CompTIA Cloud+ content includes security concerns, measures, and concepts for cloud operations, highlighting container security best practices such as running containers with least privilege to mitigate security risks.

• Question 212:

  Which of the following models will best reduce the cost of running short-term, non-critical workloads?

  A. Reserved
  B. Spot Instance
  C. Pay-as-you-go
  D. Dedicated host
  B. Spot Instance

  ---

  Explanation

• Question 213:

  A cloud engineer needs to integrate a new payment processor with an existing e- commerce website. Which of the following technologies is the best fit for this integration?

  A. RPC over SSL
  B. Transactional SQL
  C. REST API over HTTPS
  D. Secure web socket
  C. REST API over HTTPS

  ---

  Explanation

  The best technology for integrating a new payment processor with an existing e-commerce website is a REST API over HTTPS. This method is widely used for web services, allowing secure communication over the internet and a standardized way for applications to communicate with each other.

  References: CompTIA Cloud+ Study Guide (Exam CV0-004) - Chapter on Cloud Integration

• Question 214:

  A systems administrator is implementing a new file storage service that has been deployed in the company's private cloud instance. The key requirement is fast read/write times for the targeted users, and the budget for this project is not a concern.

  Which of the following storage types should the administrator deploy?

  A. Spinning disks
  B. NVMe
  C. SSD
  D. Hybrid
  B. NVMe

  ---

  Explanation

• Question 215:

  A company wants to build its new platform using a public cloud. The workload requirements include the following:

  1. Implementation of custom CIS compliance 2. Patch for vulnerabilities within 24 hours 3. Warrant at least 1,800 IOPS per volume

  Which of the following meets the requirements?

  A. SaaS
  B. laaS
  C. FaaS
  D. PaaS
  B. laaS

  ---

  Explanation

  Infrastructure as a Service (IaaS) provides the most flexibility among cloud service models, allowing for the implementation of custom security and compliance standards, such as CIS compliance. IaaS environments offer control over the infrastructure, enabling patch management within specific time frames. Additionally, IaaS providers typically offer configurable storage options, including the ability to specify IOPS (Input/Output Operations Per Second) per volume to meet performance requirements.

• Question 216:

  A company hosts its server in a public IaaS cloud. The company's management decides to migrate the servers to a different geographical region that is closer to the user base. A cloud administrator creates a new environment in that geographical region.

  Which of the following is the BEST way to migrate the VM from the original geographic region to the new region?

  A. 1. Create a full backup of the VM.2. Copy the backup files into the new region using FTP.3. Restore the VM from the backup files.
  B. 1. Create a VM image.2. Export the VM image to the new region using vendor's tools.3. Deploy a new VM based on the created image.
  C. 1. Create a VM clone.2. Copy the clone into the new region using FTP.3. Apply the network and security groups from the new region to the cloned VM and start it.
  D. 1. Create a new VM in the new region.2. Restore a full-system backup from the original VM.3. Apply the network and security groups from the original region to the new VM.
  D. 1. Create a new VM in the new region.2. Restore a full-system backup from the original VM.3. Apply the network and security groups from the original region to the new VM.

  ---

  Explanation

• Question 217:

  A cloud architect attempts to modify a protected branch but is unable to do so. The architect receives an error indicating the action cannot be completed. Which of the following should the architect try instead?

  A. Adding a new remote
  B. Creating a pull request
  C. Merging the branch
  D. Rebasing the branch
  B. Creating a pull request

  ---

  Explanation

  When unable to modify a protected branch directly, the recommended approach is to create a pull request. This allows changes to be reviewed and approved by authorized personnel before being merged into the protected branch, maintaining code integrity and compliance with the project's workflow and policies.

• Question 218:

  A software engineer at a cybersecurity company wants to access the cloud environment. Per company policy, the cloud environment should not be directly accessible via the internet. Which of the following options best describes how the software engineer can access the cloud resources?

  A. SSH
  B. Bastion host
  C. Token-based access
  D. Web portal
  B. Bastion host

  ---

  Explanation

  A bastion host is the best option described for accessing cloud resources without direct internet access. It acts as a secure gateway to access internal networks from external sources and is often used in conjunction with other security measures such as SSH for secure connections.References: The use of bastion hosts as a secure access point to cloud resources is a security best practice covered in the CompTIA Cloud+ certification's domain on cloud security.

• Question 219:

  A developer at a small startup company deployed some code for a new feature to its public repository. A few days later, a data breach occurred. A security team investigated the incident and found that the database was hacked.

  Which of the following is the most likely cause of this breach?

  A. Database core dump
  B. Hard-coded credentials
  C. Compromised deployment agent
  D. Unpatched web servers
  B. Hard-coded credentials

  ---

  Explanation

  Hard-coded credentials within code, especially when deployed in a public repository, are a common security vulnerability. If credentials such as passwords or API keys are embedded in the code, anyone with access to the repository can potentially use them to gain unauthorized access to databases or other sensitive resources. This is a likely cause of the data breach in the scenario described.

  References: CompTIA Security+ Guide to Network Security Fundamentals by Mark Ciampa.

• Question 220:

  A systems administrator has migrated an internal application to a public cloud. The new web server is running under a TLS connection and has the same TLS certificate as the internal application that is deployed. However, the IT department reports that only internal users who are using new versions of the OSs are able to load the application home page.

  Which of the following is the MOST likely cause of the issue?

  A. The local firewall from older OSs is not allowing outbound connections
  B. The local firewall from older OSs is not allowing inbound connections
  C. The cloud web server is using a self-signed certificate that is not supported by older browsers
  D. The cloud web server is using strong ciphers that are not supported by older browsers
  D. The cloud web server is using strong ciphers that are not supported by older browsers

  ---

  Explanation

  Ciphers are algorithms or methods that are used to encrypt and decrypt data for secure communication. Strong ciphers are ciphers that use high-level encryption techniques and keys to provide stronger security and protection for data. The cloud web server is using strong ciphers that are not supported by older browsers is the most likely cause of the issue of only internal users who are using new versions of the OSs being able to load the application home page after the administrator configured a redirect from HTTP to HTTPS on the web server. Older browsers may not support the strong ciphers used by the cloud web server for HTTPS connections, which can result in a failure to establish a secure connection and load the application home page.

  References: CompTIA Cloud+ Certification Exam Objectives, page 15, section 2.8