CompTIA Cloud Essentials+ Exam Questions

Page 2 of 25

21.

RSA, ECC, and ELGamal are examples of:

  • asymmetric encryption.

  • symmetric encryption.

  • hashing algorithms.

  • message authentication.

Correct answer: asymmetric encryption.

Asymmetric encryption encrypts data using a public key and decrypts it using a mathematically related private key. Asymmetric encryption algorithms include RSA, ECC, and ELGamal.

22.

When a regional outage occurs, a corporation wishes to incorporate replication in its shipment tracking application. What measure would be BEST to ensure that the company's standards are met?

  • Geo-redundancy

  • Load balancing

  • Clustering

  • Backups

Correct answer: Geo-redundancy

The organization should employ geo-redundancy to ensure the application's high availability. By deploying a replicated application in a secondary geographical zone, the reachability of the tracking application is increased.

Another related concept is high availability. High availability is a characteristic that enables services to operate for extended periods of time with minimal downtime. High availability may be achieved through a variety of methods, including those listed below:

  • Hardware redundancy
  • Network fail over
  • Load balancing
  • Geo-redundancy
  • Backups

23.

While completing a risk assessment of your company's cloud deployment, you document many risks and their likelihoods and impacts. What is the document called?

  • Risk register

  • Findings

  • SOW

  • SOP

Correct answer: Risk register

A risk register is a record of every risk that an organization has recognized. It compiles a list of all potential risks for management to analyze and decide the most appropriate risk response. The risk register enables management to have a holistic view of all identified risks. This enables a holistic approach to risk management and response.

24.

While REST is almost always implemented over HTTP, the same is not always true for: 

  • SOAP

  • SMTP

  • TCP 

  • Microservices

Correct answer: SOAP

SOAP is not always implemented over HTTP - it can be implemented over SMTP or FTP. REST is almost always implemented over HTTP.

SMTP, TCP, and microservices are incorrect. Simple Mail Transfer Protocol (SMTP) is a network protocol used to implement SOAP. Transmission Control Protocol (TCP) is a network protocol that would be inefficient for REST. Microservice communications require a method of connecting to URIs. 

25.

RC4, Blowfish and AES are examples of:

  • symmetric encryption.

  • asymmetric encryption.

  • hashing algorithms.

  • PKI certificates.

Correct answer: symmetric encryption.

Symmetric encryption encrypts and decrypts using the same key. Symmetric encryption algorithms include RC4, Blowfish, and AES.

26.

What is a benefit of using the cloud to store and manage data?

  • Data availability

  • Data replication

  • Data locality

  • Data backup

Correct answer: Data availability

A significant benefit of using the cloud to store and manage data is that it increases data availability. Data may be accessed quickly and easily without the need for complicated infrastructure. The cloud also ensures greater data availability by managing data backups and distributing them across many regions.

27.

There are a variety of cloud-related document types. Which document is focused on availability and performance?

  • SLA

  • EULA

  • RFI

  • SOW

Correct answer: SLA

Service-level agreement (SLA) is a contract between a CSP and a cloud customer. SLAs focus on cloud service performance, availability, and technical support.

EULA, RFI, and SOW are other cloud-related document types and are incorrect. An end-user license agreement (EULA) is a contract that software users agree to when using software. A request for information (RFI) is a request for a statement of work. Statement of work (SOW) is a statement related to the level of performance of cloud services over a period of time. 

28.

In terms of cloud block storage, what is the distinction between storage pricing tiers?

  • IOPS

  • RAM

  • Storage replication

  • CPU

Correct answer: IOPS

Disk Input/output Operations Per Second (IOPS) is a measurement of disk I/O throughput. The throughput of a disk is expressed in terms of Input/output Operations Per Second (IOPS). There are numerous storage choices available in the cloud. They are classified as Premium SSDs or Standard HDDs. Increased IOPS equates to improved disk performance. Depending on the workload requirements, IOPS should be considered.

29.

On the subject of licensing, which of the following acronyms describes the agreement that must be signed after configuring the OS and supplying licensing information?

  • EULA

  • OSSA

  • OLUA

  • ELUA

Correct answer: EULA

EULA, or end user licensing agreement, is an agreement about the terms of the licensing arrangement when using software. An EULA is signed after configuring the OS and supplying licensing information. 

OSSA, OLUA, and ELUA are incorrect and not common acronyms. 

30.

Which activity will require a level of cooperation from the cloud service provider?

  • Penetration testing

  • Adding/deleting resources

  • Deploying VMs

  • Vulnerability scanning

Correct answer: Penetration testing

Penetration testing (pen testing) will require a level of cooperation from the provider as they are normally very reluctant to allow access physically to their cloud or network diagrams. Most cloud service providers have documentation referred to as "Penetration Testing Rules of Engagement" which outline the do's and don'ts and the can and can not's of penetration testing their resources. By following this link (https://www.microsoft.com/en-us/msrc/pentest-rules-of-engagement?rtc=3) you can review Microsoft Azure Cloud's current documentation. 

31.

The IT department is considering increasing the computing resources available to a production virtual machine that is currently facing performance challenges while running a large database. At the moment, the virtual machine is assigned the compute class "general." Which approach is the MOST cost-effective in terms of mitigating database performance issues?

  • Convert compute to a memory-optimized class

  • Convert compute to a CPU-optimized class

  • Maintain the compute class in its current state and upgrade the RAM

  • Maintain the compute class in its current state and upgrade the CPU

Correct answer: Convert compute to a memory-optimized class

The majority of CSPs have segmented their compute offers into distinct classes, each of which optimizes a particular aspect of the compute node being requested. The "general" class is the least expensive option, provided you do not require resources from another class. In this situation, increasing the RAM on the IT department's present general class compute to address the database's performance issues will be significantly more expensive. Converting compute to a memory-optimized class is the most cost-effective solution.

32.

In terms of blockchain, once a block has been verified by blockchain nodes, it is distributed over millions of computers globally. The block can't be changed once it's been added to the chain, therefore it is:

  • Immutable

  • Transparent

  • Decentralized

  • Portable

Correct answer: Immutable

Because of how transactions are conducted and verified using cryptography and hashing, blockchain is immutable, which provides a high level of data integrity.

33.

Which of the following terms would be most closely associated with the cloud security term MaaS?

  • SIEM

  • POV

  • SOA 

  • P2V

Correct answer: SIEM

Security information and event management (SIEM) is a set of tools offered by Monitoring as a Service (MaaS) providers. These tools collect and analyze information related to possible security incidents. Monitoring threats is the key function of MaaS. 

POV, SOA, and P2V are incorrect. Proof of value (POV) is the business value of cloud computing. Service-oriented architecture (SOA) is a microservices-based architecture. Physical to virtual (P2V) uses software to recreate a physical machine as a virtual machine.  

34.

When your organization created cloud services, the cloud administrator set a location and region for the cloud resources to be deployed. To comply with regulatory requirements, the organization needed to ensure that sensitive data was stored in data centers located within national borders.

What is this called?

  • Data sovereignty

  • Data hardening

  • Data sanitization

  • Data validation

Correct answer: Data sovereignty

Data sovereignty refers to the practice of maintaining sensitive data within national borders in order to exercise control over the data's jurisdiction and rule of law. To comply with regulatory requirements, the business needed to ensure that sensitive data was stored in data centers located within national borders. Data sovereignty is why the cloud administrator made a point of specifying the location of the resources.

Data hardening, data sanitization, and data validation are incorrect. Hardening is the process of reducing an attack surface. Sanitization is the process of making data unrecoverable. Validation is the process of proving something related to data.  

35.

A computer system does not store a file as a whole file, it breaks the files up into:

  • blocks.

  • objects.

  • files.

  • metadata.

Correct answer: blocks.

Block storage is the method of storing files on a disk drive in the form of blocks or sectors. The file is not stored as a whole file; rather, the file is broken up into blocks and sent to the disk in blocks.

36.

A PaaS cloud hosted database solution is being deployed within a cloud infrastructure. When creating the managed instance, what option will need to be selected?

  • Compute and performance class

  • Availability capabilities

  • Maintenance operations

  • Security and compliance options

Correct answer: Compute and performance class

The advantage of PaaS in terms of cloud-hosted database solutions is that it provides easy definition and scaling of performance, or compute resources. You can interact with the hosted database using any tool or program that supports database access. You do not, however, have system-level access. When creating the hosted database, you will be prompted to select a compute class with the necessary CPU and memory resources.

37.

The cloud service provider's RFP has been accepted by the organization. What is the logical next step?

  • PoC & Pilot

  • RFI & RFQ

  • RFI & PoC

  • RFQ & Pilot

Correct answer: PoC & Pilot

Following the approval of the Request For Proposals (RFP), the next stage of this process would be to conduct an evaluation, such as a pilot or Proof of Concept (PoC). Another necessary step would be to validate the Statement of Work (SoW) and Service Level Agreement (SLA), and then to sign the contract and migrate, but it is critical to ensure that solutions match the success criteria.

38.

What can automation achieve in the context of cloud security?

  • Deploy a VM without human intervention 

  • Deploy an entire web application

  • Deploy runbooks

  • Organizing autonomous tasks with other autonomous tasks 

Correct answer: Deploy a VM without human intervention

Cloud automation is capable of deploying a VM without human intervention.

Tasks such as deploying entire web applications, runbooks, or organizing autonomous tasks with other autonomous tasks are all part of cloud orchestration. Cloud automation is not the same thing as cloud orchestration. 

39.

What is the term for the ongoing execution of the development, build, and test phases of the application lifecycle?

  • Continuous integration

  • Continuous deployment

  • Continuous delivery

  • Continuous development

Correct answer: Continuous integration

Continuous Integration and Delivery (CI/CD) have become synonymous with Development Operations (DevOps). We require disposable resources, IaC, and auto-scaling in order to be efficient with continual change. Continuous Integration (CI) is the method of performing the first three steps of the application development lifecycle in a continuous fashion: development, build, and test. By continuous, we mean that the process can be carried out at any time and by anybody, and that the necessary infrastructure is in place.

40.

Which service is used to facilitate the transfer of very large quantities of on-premises data to the cloud?

  • AWS Snowball

  • Microsoft Azure Express Route 

  • AWS Direct Connect 

  • Microsoft Powershell cmdlets

Correct answer: AWS Snowball

AWS Snowball is a service for large data transfers from on-premises to the cloud. Snowball works by mailing physical storage media to on-premises data centers that can be used to download data and then mail back to AWS data centers for upload.  

Microsoft Azure Express Route, AWS Direct Connect, and Microsoft Powershell cmdlets are incorrect. Microsoft Azure Express Route and AWS Direct Connect are used to establish dedicated connections. Microsoft Powershell cmdlets are used for commands in a Powershell environment.