CompTIA Cloud+ (CV0-004) Version 1.0.7 Exam Questions

21.

A user complains that a web page is not loading as expected.

What is the BEST example of a simple potential cause that can be eliminated before focusing on more complex ones?

  • Verify that the user entered the correct URL

  • Run a single ping command from all the affected devices

  • Compare the device configuration to the vendor documentation

  • Run a load test

Correct answer: Verify that the user entered the correct URL

Many times, a problem can be solved by ruling out entry-level indicators, such as ensuring that the user is logged in, that the user is connected to the network, or that the target system is turned on. These simple checks require a minimum of time and can avoid the expense of a detailed investigation if they are found to be the source of the issue.

All the other answers are more involved and could be unnecessary if the user was inputting the wrong URL.

22.

Acme Inc. hires you as a cloud engineer. Your first project requires you to vertically scale a database server in the cloud. 

Which of the following would BEST achieve the task?

  • Add resources to the existing database server

  • Create a second database server without a load balancer

  • Create a second database server with a load balancer

  • Create 3 new database servers to increase redundancy and future-proof the system

Correct answer: Add resources to the existing database server

Vertical scaling is achieved by adding resources to one or more existing servers in a system. Of the answers listed, only "Add resources to the existing database server" is an example of vertical scaling.

Horizontal scaling is achieved by adding additional servers to a system.

23.

Your organization is capturing cloud metrics for bandwidth consumption, congestion, and packet loss. 

What category of systems management tracking does this fall into?

  • Connectivity

  • Compute

  • Cost management

  • Cloud

Correct answer: Connectivity

Connectivity metrics have to do with the network connection between the user and cloud services. These metrics are gathered to measure and ensure that applications are providing responsive service and delivering high performance and availability.

Compute metrics are associated with data processing (e.g., CPU metrics). 

Cloud metrics generically refer to all metrics related to the cloud, and bandwidth consumption, congestion, and packet loss metrics can apply to cloud and on-premises deployments, so connectivity is a better answer. 

While connectivity metrics may impact cloud costs, and bandwidth consumption may increase costs, congestion and packet loss are not cost management metrics.

24.

You are troubleshooting a network connectivity issue on a Windows virtual machine and want to flush the DNS cache. 

Which command-line tool should you use?

  • ipconfig

  • ifconfig

  • netstat

  • route

Correct answer: ipconfig

ipconfig is a Windows command-line utility that can display information related to local network interfaces and perform functions such as clearing DNS cache and renewing DHCP-assigned IP addresses. 

ifconfig is a comparable Linux command. However, ifconfig does not support functionality like clearing DNS cache.

The route command is used to display and modify routing tables. 

netstat displays network statistics and open ports.

25.

Where is persistent storage for containerized applications in a microservices architecture typically stored?

  • Outside of the container

  • In DAS

  • Inside a dedicated storage container

  • Inside each container in a microservices architecture

Correct answer: Outside of the container

Persistent storage is typically provided outside of (not inside) a container. This is useful because containers typically run in nonpersistent storage and are often intended to be "stateless." 

Direct attached storage (DAS) is storage that is directly connected using a physical connection such as SCSI or SATA.

26.

Acme Cloud LLC. provides an IaaS service to Small Co. 

Which of the following is Acme Cloud LLC. responsible for patching in this scenario?

  • Hypervisor

  • Operating system

  • Database

  • Web server application

Correct answer: Hypervisor

With the IaaS model, the cloud service provider (Acme Cloud LLC. in this case) is responsible for patching the hypervisor. 

The consumer (Small Co. in this case) is responsible for patching the operating systems, databases, and applications.

27.

Today is Nov 11, 2030. The certificate on a website is valid and expires Dec 11, 2030. Most users can access the website without issue.

One user with a new laptop complains that they see a certificate expired error when accessing the website.

Which of the following is MOST likely to explain the issue?

  • Outbound traffic to port 123 is blocked on the laptop

  • Outbound traffic to port 21 is blocked on the laptop

  • Inbound traffic to port 989 is blocked on the laptop

  • Inbound traffic to port 53 is blocked on the laptop

Correct answer: Outbound traffic to port 123 is blocked on the laptop

An incorrect certificate expiry error could be explained by a misconfigured date and time on the local laptop. The network time protocol (NTP) uses port 123 by default. If the laptop could not sync its time to a network time server by sending outbound traffic over port 123, that could explain the issue. 

Inbound traffic is unlikely to be the issue. 

Port 21 is a default FTP port. 

28.

Acme Cloud LLC. provides consumers with subscription-based access to Postgres databases over the public internet. Acme Cloud LLC. is responsible for all physical infrastructure, hypervisors, operating system, and patching the Postgres version. Consumers are responsible for defining database schemas and the data stored in the Postgres databases. 

This is an example of which cloud service model?

  • PaaS

  • SaaS

  • Hybrid 

  • Public

Correct answer: PaaS

A cloud service model where Postgres database access is provided by a cloud service provider while the consumer is responsible for schemas and data in the database is an example of database as a service, which is a type of platform as a service (PaaS). 

With a SaaS model, consumers are not responsible for database schemas.

Hybrid and public are cloud deployment models, not cloud service models.

29.

A user walks up to an automated teller machine (ATM) and inputs their bank card. They then input a personal identification number (PIN) and withdraw money.

Is this an example of multifactor authentication? 

  • Yes, because a "something you have" and "something you know" factors were used.

  • Yes, because a "someplace you are" and "something you have" factors were used.

  • No, because only one factor was used.

  • No, because multifactor authentication requires a network.

Correct answer: Yes, because a "something you have" and "something you know" factors were used.

Multifactor authentication (MFA) requires the use of two or more authentication factors. In this case, the bank card was a "something you have" factor, and the PIN was a "something you know" factor.

30.

You are a cloud provider and need to allow each individual application to determine which user or groups of users have access to it based on data classifications of:

  • Top secret 
  • Confidential 
  • Restricted 

Users with top secret access must be allowed access to all data. Users with confidential access must only be allowed access to confidential and restricted data. Users with restricted access can only access restricted data.

Which access control methodology will you deploy?

  • Mandatory access control (MAC)

  • Discretionary access control (DAC)

  • Ticket Granting Ticket (TGT)

  • Task-based access control (TBAC)

Correct answer: Mandatory access control (MAC)

Mandatory access control is the most granular because it allows access privileges to be determined down to the detailed system or application level.

DAC allows users to decide how access rights are granted for objects they own. 

TBAC grants users access to specific capabilities for a specific amount of time. It is not a good fit for the data classification requirements defined in the question. 

A TGT is an element of the Kerberos authentication protocol.

31.

Which of the following is typically used for formatting and exchanging authorization-related data?

  • SAML

  • ACL

  • vACL

  • ECC

Correct answer: SAML

Security Assertion Markup Language (SAML) is an XML-based language commonly used for the exchange of authorization-related data. 

An access control list (ACL) allows or disallows traffic or activity based on a list of rules. 

vACL is a distractor answer. 

Elliptic curve cryptography (ECC) is a type of cryptography that uses curves instead of prime number factors.

32.

You have deployed an upgrade to a mission-critical production application in the cloud.

What storage metric would you collect and compare to its baseline value to understand the impact of the upgrade on reads from disk?

  • Read IOPS

  • Storage faults

  • Storage wait time

  • Storage bandwidth

Correct answer: Read IOPS

Read input/output operations per second (IOPS) is an indication of how many times the application retrieves the requested user information from storage. If Read IOPS has increased above the baseline since the upgrade, that indicates greater usage of the application by users.

Storage wait time, faults, and bandwidth are distractor answers.

33.

What switch or suffix can be used with the traceroute command to specify the maximum number of hops to trace?

  • -h

  • -d

  • -j

  • -w

Correct answer: -h

The traceroute utility's -h switch allows the operator who is troubleshooting to limit the number of hops returned in the result. This option is used when troubleshooting is only done for a particular portion of the network or subnet.

34.

What is a major reason scripting languages are used for orchestration?

  • Simple to learn

  • Large footprint

  • Limited support

  • Require many updates

Correct answer: Simple to learn

Scripting languages use commands that are English-like and intuitive, thereby making them easy to learn and also easily maintainable.

None of the other answers are an advantage that would make scripting languages popular for orchestration tasks.

35.

You have configured your firewall to only allow traffic to TCP ports 443 and 25. 

What will happen to any HTTP traffic that is received on the default HTTP port?

  • The packets will be dropped

  • The HTTP traffic will be re-routed to port 443

  • The HTTP traffic will be re-routed to port 25

  • The packets will be allowed

Correct answer: The packets will be dropped

Firewalls can be configured to only accept traffic on certain ports. Ports 443 and 25 correspond to HTTPS and SMTP, respectively. Any other kind of traffic will not be accepted by this firewall. 

HTTP uses port 80 by default.

36.

What data format do SAML assertions use?

  • XML

  • JSON

  • YAML

  • CSV

Correct answer: XML

SAML is an authentication protocol that uses the XML data format. 

JSON, YAML, and CSV are all common data formats, but they are not the data format used for SAML assertions.

37.

Which of the following statements about stateful vs. stateless firewalls is FALSE?

  • Stateful firewalls can typically achieve better performance speeds

  • Stateful firewalls consider whether a session exists

  • Stateless firewalls can typically achieve better performance speeds

  • Stateless firewalls do not consider whether a session exists

Correct answer: Stateful firewalls can typically achieve better performance speeds

Stateful packet inspection considers whether a session exists before accepting a packet. Stateless packet inspection does not consider whether a session exists. 

Because stateless firewalls do not require the additional processing to determine the session state, they can typically achieve better performance speeds.

38.

Acme Inc. has built an internal datacenter for use only by their organization for handling sensitive internal business applications that deal with intellectual property. 

They have designed the software systems using cloud-native principles and internal users primarily consume them as SaaS products. They also use several public cloud services for email, collaboration, and word processing. 

What cloud deployment model is Acme Inc. using?

  • Hybrid

  • PaaS

  • IaaS

  • Community

Correct answer: Hybrid

A hybrid cloud model uses a combination of private cloud (which is owned and used by the organization) and public cloud (which is used by the organization). The question describes a hybrid model at Acme Inc. where the organization built an internal private cloud and also uses public cloud services. 

Platform as a service (PaaS) and infrastructure as a service (IaaS) are different cloud service (not deployment) models. 

Community cloud is a cloud deployed for use by multiple organizations with similar requirements and objectives.

39.

Which of the following is NOT an example of vertical scaling?

  • Upgrading a server application from a beta version to a production version with better resource utilization

  • Changing RAM from a 1024 MB module to a 4 GB module

  • Adding additional CPUs to a server

  • Increasing disk space available to a server

Correct answer: Upgrading a server application from a beta version to a production version with better resource utilization

Vertical scaling occurs when more resources are added to a server or system. Changing RAM from a 1024 MB module to a 4 GB module, adding additional CPUs, and increasing disk space available to a server are all examples of vertical scaling. 

Upgrading a server to a more efficient software version is not vertical scaling.

40.

Which method, used by both an IDS and an IPS, looks for patterns that appear malicious by comparing them to a baseline of normal network behavior?

  • Heuristics

  • Signatures

  • Algorithms

  • Spoofing

Correct answer: Heuristics

An organization will establish and configure a network baseline for normal traffic and operations. The IDS and IPS inspect the traffic and continuously map it against the baseline to search for potential malicious activities.

Signatures are used to match specific known malicious data. 

The term "algorithms" applies broadly to a wide range of rule-based data processing. While the heuristics an IDS/IPS uses may use algorithms, heuristics are the more specific answer.

Spoofing is the act of falsifying data, typically with the intent of tricking a person or system.