Cloud+
A new application with availability SLA requirements of 99.99% has been deployed in a cloud. For a test spanning a month, which of the following unavailability times would mean the test was successful? (Select TWO). A. 1 minute B. 4 minutes C. 10 minutes D. 30 minutes E. 60 minutes
A. 1 minute B. 4 minutes
During peak times, users are unable to access their online wealth management applications in a timely fashion. The online banking application resides in a community cloud environment. Which of the following explains how the cloud systems administrator should start to resolve this issue? A. Access the cloud services portal and ensure memory ballooning is enabled. B. Access the cloud services portal and ensure there is adequate disk space available. C. Access the cloud services portal and ensure all users are accessing it through the same web service. D. Access the cloud services portal and ensure the ACLs are set correctly for the user community.
A. Access the cloud services portal and ensure memory ballooning is enabled. ????
A storage administrator must choose the best replication methodology for storage. ▪ The datacenters are on opposite sides of the country. ▪ The RPO is 24 hours. ▪ Replication and customer access use the same connections. ▪ Replication should not impact customer access during the day. Which of the following solutions would BEST meet these requirements? A. Asynchronous B. Regional C. Multiregional D. Synchronous
A. Asynchronous
In a private cloud environment, which of the following is the BEST way to update 20 VMs with the same patch that has been regression tested and approved for rollout? A. Automate the distribution of the patch and use an orchestration tool to roll it out. B. Roll out the patch manually to the 20 VMs and reboot the system. C. Deploy the patch to ten VMs for testing and then install it on the remaining VMs. D. Install the patch on as many VMs as possible during the next maintenance window.
A. Automate the distribution of the patch and use an orchestration tool to roll it out.
A cloud administrator configures a new web server for the site https://companyname.com. The administrator installs a wildcard SSL certificate for *.companyname.com. When users attempt to access the site, a certificate error is received. Which of the following is the MOST likely cause of the error? A. Certificate misconfigured B. Certificate expired C. Certificate revoked D. Certificate not signed
A. Certificate misconfigured
A recent advertisement campaign has increased traffic to an e-commerce application that is hosted within a public cloud environment. Customers are reporting that it takes too long to load their pages and submit orders. A cloud administrator looks at the metrics from the environment and sees high utilization of the CPU and memory resources. The cloud provider offers several preconfigured sizes for server template: x-small, small, medium, large, x-large, and 2x-large. https://vceguide.com/wp-content/uploads/2019/08/CompTIA-CV0-002-date-01-06-2019-00001_Page_30_Image_0001.jpg Given an expected increase in workload, which of the following is the BEST solution to improve application performance? A. Change the server template size for Inxpc003 to 2x-large. B. Provision additional Inxpc servers using the 2x-large template. C. Add memory to Inxpc002, Inxpc003, and Inxpc003. D. Change the role of Inxw001 from web to application.
A. Change the server template size for Inxpc003 to 2x-large.
A cloud administrator reports a problem with the maximum number of users reached in one of the pools. There are ten VMs in the pool, each with a software capacity to handle ten users. Based on the dashboard metrics, 15% of the incoming new service requests are failing. Which of the following is the BEST approach to resolve the issue? A. Check compute, storage, and networking utilization in the dashboard and increase capacity by adding more resources. B. Check current licensed capacity and purchase additional licenses to add more users. C. Check the DHCP scope and increase the number of available IP addresses by extending the pool. D. Check the rate-of-load increase to determine if the cloud capacity boundary has been exceeded and enable bursting to the pubic cloud.
A. Check compute, storage, and networking utilization in the dashboard and increase capacity by adding more resources.
A private cloud customer is considering using the public cloud to accommodate the peak utilization workload. Which of the following would be considered the ideal scaling solution? A. Cloud bursting B. Load balancing C. Horizontal scaling D. Vertical scaling
A. Cloud bursting
A cloud architect is tasked with isolating traffic between subnets in an IaaS platform. The networks should be able to statefully communicate with each other. Given this scenario, which of the following should the architect implement? A. Configure security groups. B. Configure HIPS policies. C. Configure IDS policies. D. Configure a network ACL.
A. Configure security groups.
A cloud engineer deployed an email server in a public cloud. Users can access the email server, but the emails they send cannot reach their destinations. Which of the following should the cloud engineer do FIRST? A. Confirm the email server configuration and reinstall the email server software. B. Validate the security certificate for the email domain. C. Confirm email encryption service. D. Consult the cloud vendor's anti-spam policy.
A. Confirm the email server configuration and reinstall the email server software.
Before doing a change on a VM, a systems administrator wants to ensure there is an easy and fast way to rollback if needed. The change and testing should take approximately two hours. Which of the following is the EASIEST way to meet this requirement? A. Create a snapshot on the hypervisor. B. Make an on-demand, incremental backup to a VTL. C. Make an on-demand, full backup to a secondary location. D. Create a snapshot on a remote storage array.
A. Create a snapshot on the hypervisor.
A customer wants to schedule a backup job that compares and saves changes from the last full backup. Which of the following backup types should be used? A. Differential B. Full C. Clone D. Incremental
A. Differential
An administrator is deploying a new application platform with the following resource utilization: https://vceguide.com/wp-content/uploads/2019/08/CompTIA-CV0-002-date-01-06-2019-00001_Page_24_Image_0001.jpg Company policy requires that no resource utilization surpasses 80%. Which of the following resources will need to be upgraded prior to deployment? A. Disk B. IOPS C. CPU D. Network E. RAM
A. Disk
A small clinic is moving its health and accounting systems to a SaaS solution. The clinic holds patient- and business-sensitive information. Which of the following is the company expected to do to protect its data? A. Document, configure, and enforce strong account management policies. B. Disable and document unneeded ports and protocols on the SaaS servers. C. Install antivirus and disable unneeded services on all SaaS servers. D. Harden the underlying infrastructure: servers, firewalls, and load balancers.
A. Document, configure, and enforce strong account management policies.
A company is implementing a SaaS solution with a large user base. SaaS solution licensing is user based, and user management is critical to keep the cost in check. Which of the following is the MOST efficient way to meet this requirement? A. Have the administrator of the SaaS solution keep track of user activities. B. Have a nightly upload to the SaaS provider of the current user base based on API call. C. Have users remove their SaaS accounts when they no longer need the service. D. Have a weekly user management script maintain the SaaS user base.
A. Have the administrator of the SaaS solution keep track of user activities.
A cloud administrator is analyzing usage trends for a website housed within an IaaS cloud platform. The administrator notices that traffic and visitors to the site quadrupled from the normal baseline during the holiday season. The environment has a load balancer that uses standardized VMs to host the applications. Given this scenario, which of the following would be the MOST efficient, provide no downtime, and address the temporary spike in traffic? A. Implement an upward vertical scaling solution. B. Implement a downward vertical scaling solution. C. Implement an inward horizontal scaling solution. D. Implement an outward horizontal scaling solution.
A. Implement an upward vertical scaling solution.
A cloud-based web store is experiencing poor website performance and unavailability. Which of the following approaches would prevent the issue without administrator intervention? A. Install and deploy a load balancer in the front of the web server. B. Increase the computing resources to the web server. C. Increase the network's bandwidth to handle the spike. D. Partner with a cloud provider to scale the required resources as needed.
A. Install and deploy a load balancer in the front of the web server.
A company security policy mandates education and training for new employees. The policy must outline acceptable use policies for SaaS applications. Given these requirements, which of the following security controls is BEST suited? A. Preventive B. Detective C. Corrective D. Physical
A. Preventive
A cloud administrator is configuring a bastion host. The bastion host will be used to administer systems in the cloud remotely from the administrator\\'s on-premises desktop. The administrator is given the following requirements: Ensure port 22 is open on the host and only allow the public IP of the on-premises router/firewall. Ensure port 3389 is open on the host and only allow the public IP of the on-premises router/firewall. Harden these services with PKI (where applicable). Given this scenario, which of the following should the administrator utilize to BEST address these requirements? (Select THREE). A. RDP protocol from the desktop to the bastion host B. Telnet protocol from the desktop to the bastion host C. SSH protocol from the desktop to the bastion host D. MD5 and RC4 with a signed certificate E. RSA and AES with a signed certificate F. Blowfish and SHA-1 with a signed certificate G. VNC protocol from the desktop to the bastion host
A. RDP protocol from the desktop to the bastion host C. SSH protocol from the desktop to the bastion host E. RSA and AES with a signed certificate
A cloud administrator is looking at business requirements that specify the data available at the disaster recovery site must not be more than 24 hours old. Which of the following metrics correctly relates to these requirements? A. RTO B. MTBF C. MTTR D. RPO
A. RTO
A system's application servers need to be patched. The requirements for maintenance work are as follows: ▪ System downtime is not allowed. ▪ The application server in use must be in the sane patch status. ▪ System performance must be maintained during patching work. ▪ Testing after patching must be done before the application server is in use. ▪ If any trouble occurs, recover the previous version in ten minutes. Which of the following methodologies should be selected? A. Rolling update B. Patching directly C. Blue-green deployment D. Three staging environments
A. Rolling update
After monthly patching, a large number of users who are logged onto the network report that application links from a company's intranet site, which previously opened directly into the website, are now prompting for logon information. Application administrators confirm that the websites in question-are working properly. Which of the following is the MOST likely cause of the new behavior? A. SSO issues B. Password expiration C. Account lockout D. Certificate expiration
A. SSO issues
An engineer is configuring the monitoring for a new application server. During the day, the CPU on the server is baselined at approximately 30% utilization. At midnight, a batch job is scheduled to run that will drive the CPU utilization up to 75% for approximately an hour. Any time the CPU utilization is at 40% or higher for longer than ten minutes, administrators will receive an alert. Which of the following is the BEST method to ensure administrators do not experience message fatigue due to false alerts? A. Set a different threshold during the batch peak time. B. Increase the alert time threshold to 65 minutes. C. Increase the alert utilization threshold to 80%. D. Manually disable monitoring during the batch job.
A. Set a different threshold during the batch peak time.
A company has been migrating a significant number of its on-premises applications to various SaaS providers. The IT department has noticed the following: 1. User account management has become challenging. 2. User account compromises have increased. 3. Accessing various SaaS applications is challenging. Which of the following should the IT security department implement to BEST resolve the issue? (Select THREE). A. Single sign-on B. Multifactor authentication C. Network intrusion prevention system D. Password synchronization E. Federation F. IPSec tunnel to the SaaS providers G. VPN to SaaS providers
A. Single sign-on B. Multifactor authentication E. Federation
A VM was deleted by mistake today at 11:05 a.m. Below are the backups currently available for the VM: https://vceguide.com/wp-content/uploads/2019/08/CompTIA-CV0-002-date-01-06-2019-00001_Page_61_Image_0001.jpg Crash-consistent restore is acceptable. Which of the following backups should be chosen? A. Snapshot from today at 11:00 B. Full from three days ago at 00:00 C. Incremental from today at 00:00 D. Synthetic-full from yesterday at 12:00
A. Snapshot from today at 11:00
A cloud administrator is provisioning several user accounts that have administrator rights to assets using JSON within an IaaS cloud platform. The administrator is required to configure "alternate" settings using the API. Given this scenario, which of the following elements would allow the administrator to meet these requirements in the JSON file? A. Statement B. Effect C. Resource D. Condition
A. Statement
A customer wants a cloud systems administrator to adjust the backup schedule after month-end to ensure the data can be restored as fast as possible while minimizing the time needed to perform the backup. Which of the following backup types should be scheduled? A. Synthetic full B. Incremental C. Differential D. Full
A. Synthetic full
A cloud provider is evaluating an insider threat. A resource from the company operations team has access to the servers' virtual disks. This poses a risk that someone could copy and move the virtual server image and have access to the data. Which of the following solutions would help mitigate this problem? A. Tokenization B. Encryption C. Virtual firewall D. Hashing
A. Tokenization
A development team released a new version of an application and wants to deploy it to the cloud environment with a faster rollback and minimal downtime. Which of the following should the cloud administrator do to achieve this goal? A. Use a rolling deployment to update all the servers in the PROD cloud environment with the new application. To switch to the previous version, repeat theprocess. B. Deploy the application to the PROD cloud environment and the previous version to QA. To switch to the previous version, promote the QA environment to PROD. C. Deploy the application to a subset of servers in the environment and route traffic to these servers. To switch to the previous version, change the route to thenon-updated servers. D. Deploy the application to a staging environment and force a failover to this environment. To restore the previous version, create a backup and restore fromthe previous night's backup.
A. Use a rolling deployment to update all the servers in the PROD cloud environment with the new application. To switch to the previous version, repeat the process.
The CSA needs to install a patch on 58 virtual server instances during the Friday evening maintenance window. Which of the following is the MOST efficient way to get the patches installed? A. Use the patch management tool to automate and orchestrate the patch installation. B. Use a security vulnerability scanning tool to apply the patch automatically. C. Schedule the patch to install from a remote file server upon server reboot. D. Connect the server instances to the Internet to download the patch automatically.
A. Use the patch management tool to automate and orchestrate the patch installation.
IaaS users are reporting longer than expected wait times when accessing the virtual file repository. There are more than 2TB of free disk space, and vCPU and vRAM do not reach more than 75% utilization. In which of the following ways should the cloud systems administrator analyze this issue? A. Access the cloud services portal and increase the amount of available disk space by 25%. B. Access the cloud services portal and check the amount of CPU and RAM on the host machine. C. Access the cloud services portal and look at the historical performance numbers. D. Access the cloud services portal and check the security log for access denied requests.
B. Access the cloud services portal and check the amount of CPU and RAM on the host machine.
A company's security policy requires full disk encryption on all clients with preboot enabled. The encryption server is hosted, and the requirement is to push an update to all endpoints. Which of the following is the BEST method to test and apply the update with minimal disruption to end users? A. Access the API of the encryption server, develop a custom script, and then update all endpoints. B. Access the web UI portal of the encryption server, apply the update to the test group, validate, and then update all endpoints. C. Add the update to the standard desktop configuration image, apply the update to a test VM, and then reimage clients. D. Access the web UI of the encryption server and disable preboot, apply the update, test, and then deploy the update to all endpoints.
B. Access the web UI portal of the encryption server, apply the update to the test group, validate, and then update all endpoints.
A cloud engineer notices on a dashboard that the host is close to reaching maximum capacity for the CPU and memory in the cloud environment, which could cause performance issues. The cloud environment has 100 servers, with 25% of the servers consuming their compute only during peak business hours, 25% consuming half of the allocated resources, and the remaining 50% using the compute during off hours. Which of the following should the engineer perform to optimize the efficiency of the compute usage in the cloud? A. Add additional CPUs and RAM to the host that is serving the cloud. B. Adjust the cloud workload by migrating resource-intensive applications to different hosts. C. Add additional hosts to the environment using the cloud management tool. D. Enable automatic scaling in the cloud management tool.
B. Adjust the cloud workload by migrating resource-intensive applications to different hosts.
A company changed its policy to have seven-year data retention in the public cloud. Which of the following would be the MOST cost-effective way to meet retention requirements? A. Site mirroring B. Automated archiving C. Replication D. Third-party sites
B. Automated archiving
The following three hosts are being put into a virtualization cluster for a new project initiative: https://vceguide.com/wp-content/uploads/2019/08/CompTIA-CV0-002-date-01-06-2019-00001_Page_68_Image_0001.jpg As more VMs are deployed to the cluster, which of the following virtualization technologies is MOST likely to report an error with this configuration? A. High availability B. Ballooning C. Memory overcommitment D. Hyperthreading
B. Ballooning
A cloud service administrator is consuming PaaS services and is performing baseline configuration tests. Which of the following is part of the PaaS consumer's responsibility with respect to the baseline confirmation tests? A. Application versions B. CPU utilization C. RAM utilization D. Operating system versions
B. CPU utilization
A security and risk team requires a weekly report to detect VM file system changes and validate the integrity of the OS. Which of the following is the BEST solution for this requirement? A. Configure a FIM agent on the VM and forward syslogs to a central location. B. Configure debugging on the VM and forward syslogs to a central location. C. Configure an antivirus agent on the VM and create the report through the web GUI. D. Configure a FIM agent on the VM and create the report through the web GUI.
B. Configure debugging on the VM and forward syslogs to a central location.
After deploying multiple copies of database servers, data scrambling is started on them to anonymize user data. A few minutes later, the systems administrator receives multiple complaints regarding the performance of other VMs. CPU and memory have been eliminated as possible bottlenecks. Which of the following should be verified NEXT as a possible bottleneck? A. Storage array B. Database drivers C. Hardware load balancer D. Internet connection speed
B. Database drivers
A cloud administrator is required to implement a solution to handle data-at-rest encryption requirements for a database. Which of the following would BEST satisfy the requirements? A. Install an SSL certificate and only allow secure connections to the server. B. Enable two-factor authentication on connections to the database server and log activities. C. Activate memory encryption on the virtual server and store the certificates remotely. D. Create a virtual encrypted disk, add it to the virtual server, and have the database write to it.
B. Enable two-factor authentication on connections to the database server and log activities.
A software solution must be deployed based on the most granular access level. Which of the following methods should be used to meet the requirements? A. Group B. RBAC C. File-based D. LDAP
B. RBAC
A company uses SaaS and IaaS solutions from multiple cloud providers. Users report that this requires them to manage and remember multiple user accounts and passwords. Which of the following solutions should be implemented to fix this issue? A. SSO B. Federation C. Password synchronization D. Lowered password complexity E. Multifactor authentication
B. Federation
A company wants to take advantage of cloud benefits while retaining control of and maintaining compliance with all its security policy obligations. Based on the non-functional requirements, which of the following should the company use? A. Hybrid cloud, as use is restricted to trusted customers B. IaaS, as the cloud provider has a minimal level of security responsibility C. PaaS, as the cloud customer has the most security responsibility D. SaaS, as the cloud provider has less security responsibility
B. IaaS, as the cloud provider has a minimal level of security responsibility
Performance on a new private cloud deployment is not meeting expectations. An engineer has determined the virtualization host is experiencing high ready/wait times. VMs with the following configurations and metrics currently reside on the host: https://vceguide.com/wp-content/uploads/2019/08/CompTIA-CV0-002-date-01-06-2019-00001_Page_71_Image_0001.jpg Which of the following troubleshooting choices would MOST likely be used to bring the high ready/wait times to meet the expected baseline? A. Decrease the CPU count for VM1. B. Increase the memory size for VM2. C. Decrease the memory size for VM3. D. Increase the CPU count for VM4.
B. Increase the memory size for VM2.
A company is migrating some of its consumer-facing services to a cloud provider. The company has been getting more customers since its competitors have gone bankrupt. Which of the following actions would BEST meet the company's increased resource needs? A. Increase the company's network bandwidth to 10Gbps. B. Install additional load balancers. C. Deploy additional web servers to the cloud. D. Deploy a local database within the company's datacenter.
B. Install additional load balancers.
A large finance firm processes three times as many transactions in December of each year. The transactions are processed in a private cloud. Management wants to avoid adding permanent resources to accommodate the single month increase. Which of the following is the BEST way to meet the need? A. Migrate all transaction processing to a public cloud and size capacity for the largest seasonal needs. B. Keep current capacity for processing, but implement cloud bursting to auto scale the resources without having to invest in infrastructure. C. Determine usage patterns over time and virtualize the processing traffic to give room for seasonal changes in resource demand. D. Determine usage patterns for the seasonal capacity needs and add physical resources to allow additional processing.
B. Keep current capacity for processing, but implement cloud bursting to auto scale the resources without having to invest in infrastructure.
After scheduled network maintenance, users report that an externally hosted web application is particularly slow to load. Small items on the page load such as text documents and markup, but larger multimedia files do not load. Which of the following is the MOST likely cause of the reported issues? A. Incorrect MTU in the network segment B. Misconfiguration of QoS settings C. Incorrect VLAN for the affected PCs D. Excessive latency on the local LAN segment
B. Misconfiguration of QoS settings
An organization is replacing its internal human resources system with a SaaS-based application. The solution is multi-tenant, and the organization wants to ensure ubiquitous access while preventing password replay attacks. Which of the following would BEST help to mitigate the risk? A. Implement destination resources authentication. B. Require and implement two-factor authentication. C. Remove administrator privileges from users' laptops. D. Combine network authentication and physical security in one card/token.
B. Require and implement two-factor authentication.
Worldwide users from an organization are experiencing intermittent access to a global cloud application. The cloud provider availability dashboard shows all resource availability has been 100% in the last two weeks. No network outages have been reported. Which of the following should the organization's administrator do BEFORE calling the cloud provider? A. Check the firewall rules on the headquarters site. B. Restart the application and applicable services. C. Allow all traffic at the cloud provider side from any private IP address. D. Evaluate the DNS to ensure all configurations are correct.
B. Restart the application and applicable services.
A company is looking for a hardware feature with the least amount of downtime in terms of firmware upgrades. Which of the following features BEST meet this requirement? A. In-service upgrades B. Rolling upgrades C. Failover upgrades D. User-mode upgrades
B. Rolling upgrades
A cloud administrator is integrating account logins with Facebook, LinkedIn, and Twitter for marketing and to increase market presence using social media platforms. Given this scenario, which of the following components are needed to match these requirements? (Select TWO). A. SOAP B. SAML assertion C. Security token D. Identity provider E. Session state
B. SAML assertion E. Session state
The CASB report indicates several unsanctioned SaaS applications are being used in an organization. Which of the following is the MOST likely cause? A. VPN bypass B. Shadow IT C. Web proxy bypass D. CAB approval
B. Shadow IT
A cloud administrator wants to apply patches in an isolated copy of the production virtual server to assess the impact. Which of the following activities would BEST achieve this objective? A. Clustering B. Snapshot C. Image backup D. Cloning
B. Snapshot
A public cloud provider recently updated one of its services to provide a new type of application load balancer. The cloud administrator is tasked with building out a proof-of-concept using this new service type. The administrator sets out to update the scripts and notices the cloud provider does not list the load balancer as an available option type for deploying this service. Which of the following is the MOST likely reason? A. The administrator can deploy the new load balancer via the cloud provider's web console. B. The administrator needs to update the version of the CLI tool. C. The administrator needs to write a new script function to call this service. D. The administrator is not using the correct cloud provider account.
B. The administrator needs to update the version of the CLI tool.
A cloud administrator updates the syslog forwarder configuration on a local server in production to use a different port. The development team is no longer receiving the audit logs from that server. However, the security team can retrieve and search the logs for the same server. Which of the following is MOST likely the issue? A. The development team is not looking at the correct server when querying for the logs. B. The security team has greater permissions than the development team. C. The audit logging service has been disabled on the server. D. The development team's syslog server is configured to listen on the wrong port.
B. The security team has greater permissions than the development team.
A cloud administrator is tasked with ensuring redundancy and high availability of an IaaS cloud platform environment. The administrator is given the following requirements: Two web servers must share the same configurations and service client connections evenly. Two database servers must share data and configurations, with only one being used at a time. Given the above, which of the following should the administrator propose to BEST meet these requirements? (Select TWO). A. The web server should be configured with a round-robin DNS with a CNAME record. B. The web server should be configured with a load balancer with a virtual IP address. C. The database server should be configured as an active-active cluster. D. The database server should be configured as an active-passive cluster. E. The availability aspect of the request does not currently exist in the IaaS cloud platform. F. The redundancy aspect of the request does not currently exist in the IaaS cloud platform.
B. The web server should be configured with a load balancer with a virtual IP address. D. The database server should be configured as an active-passive cluster.
In an IaaS model, to which of the following methodologies would the client apply a list of OS patches, assuming approval from CAB has been given? A. Using a patch management system, identify the hypervisor type, select a group of hypervisors to be patched, and perform a rolling application of patches. B. Using a patch management system, identify the guests that require patching, and select and apply the patches. C. Using a patch management system, identify the applications needing the patch, select the required application in a patch management console, and applythe patches. D. Using a patch management system, identify the services that require patching, and select and apply the patches.
B. Using a patch management system, identify the guests that require patching, and select and apply the patches.
Which of the following is the BEST way to ensure accounts in a cloud environment are disabled as soon as they no longer need to be active? A. Have the user contact the cloud systems administrator to disable the account when it is no longer needed. B. When users leave the company, ensure an account disablement request is initiated and will be fulfilled in less than four hours. C. Have accounts checked by the cloud systems administrator once per day to ensure active accounts are still valid. D. Reboot directory services servers once a day to ensure all account disablement requests are committed.
B. When users leave the company, ensure an account disablement request is initiated and will be fulfilled in less than four hours.
A company uses its own private cloud, which has few available resources. Mission-critical systems and other information systems are running on it. A new system will be deployed on the private cloud. The following tests are included in the test plan: ▪ Load test (2h) ▪ Backup/restore test (6h) ▪ Functional test (8h) ▪ Failover test (1h) The work schedule of the existing system is shown below. https://vceguide.com/wp-content/uploads/2019/08/CompTIA-CV0-002-date-01-06-2019-00001_Page_36_Image_0001.jpg To minimize the effect to the existing system, which of the following schedules is MOST suitable for the load test? A. 02:00-04:00 B. 09:00-12:00 C. 18:00-20:00 D. 22:00-00:00
C. 18:00-20:00
An administrator defines a backup as follows: One weekly full backup Daily incremental backup Which of the following BEST describes where the administrator would define this? A. Backup SLA document B. Backup orchestration workflow C. Backup schedule D. Provisioning schedule
C. Backup schedule
Several suspicious emails are being reported from end users. Organizational email is hosted by a SaaS provider. Upon investigation, the URL in the email links to a phishing site where users are prompted to enter their domain credentials to reset their passwords. Which of the following should the cloud administrator do to protect potential account compromise? A. Forward the email to the systems team distribution list and provide the compromised user list. B. Click on the URL link to verify the website and enter false domain credentials. C. Change the encryption key for the entire organization and lock out all users from using email until the issue is remediated. D. Notify users who received the email to reset their passwords regardless of whether they click on the URL.
C. Change the encryption key for the entire organization and lock out all users from using email until the issue is remediated.
Email users report that it takes more than one minute to open emails, including those without attachments. There are three email instances in three different regions hosted by the same CSP. Other applications hosted by the same CSP have no reported issues. Which of the following solutions BEST resolves the issue? A. Confirm that the email instances have sufficient bandwidth. B. Install monitoring software on the email instances. C. Check the antivirus software settings and disable real-time message scanning. D. Ensure the requested IOPS are being provided to the email instances.
C. Check the antivirus software settings and disable real-time message scanning.
A cloud administrator is adding several accounts for new development team interns. These interns will need access to some, but not all, of the resources and will only be working over the summer. Which of the following user provisioning techniques should be used? A. Create a single account for the interns to share. Set the expiration date for the account to six months. B. Create a role labeled "interns" with the appropriate permissions. Create a separate account with an expiration date for each intern and add each intern to thatrole. C. Create one template user account with the appropriate permissions and use it to clone the other accounts. Set an expiration date for each accountindividually. D. Create individual accounts for each intern, set the permissions and expiration date for each account, and link them to a temporary guests user group.
C. Create one template user account with the appropriate permissions and use it to clone the other accounts. Set an expiration date for each account individually.
A file server is being migrated from physical hardware into a private cloud. Baselining of the server shows the disks average 90% full at all times. The contents of the file server consist mostly of compressed audio files. Multiple copies of the same files are often saved in different locations on the same disk. Which of the following storage technologies is MOST likely to help minimize storage utilization when moving this server to the private cloud? A. Compression B. Thin provisioning C. Deduplication D. Tokenization
C. Deduplication
A cloud administrator for a state government agency is tasked with giving access to the voter registration application to a government agency in another state. Only authorized officials from each state should access the application. These agencies have a common environment where applications have been deployed in the past. Which of the following should the cloud administrator do to give access to the application? A. Deploy part of the application into a public cloud and establish secure connections to a private cloud environment. B. Deploy the application to a community cloud that is shared with multiple state government agencies only. C. Deploy the application to a public cloud and implement ACLs and security access policies to limit access. D. Deploy the application to the state's private cloud and give authentication credentials to the other state's authorized officials.
C. Deploy the application to a public cloud and implement ACLs and security access policies to limit access.
A cloud service provider wants to offer hardened virtual server images for provisioning purposes. This will enable users to use only the operating system services that are allowed by the provider. Which of the following tasks are MOST appropriate for the hardening process? (Select TWO). A. Disable automatic updates. B. Disable the command prompt. C. Disable unneeded ports and services. D. Disable the local administrator account. E. Disable the remote desktop connection. F. Disable complex passwords.
C. Disable unneeded ports and services. D. Disable the local administrator account.
A company has an SLA of 15ms for storage latency. https://vceguide.com/wp-content/uploads/2019/08/CompTIA-CV0-002-date-01-06-2019-00001_Page_60_Image_0001.jpg Given the above metrics, which of the following is the MOST appropriate change to the environment? A. Add computing nodes and data nodes on the storage side. B. Add more storage shelves to the current array. C. Enable compression on the storage side. D. Enable deduplication on the storage side.
C. Enable compression on the storage side.
Which of the following would be appropriate when considering inbound access security for a web-based SaaS solution? A. Antivirus/anti-malware B. IPSec C. Firewall D. Obfuscation
C. Firewall
A business is demanding faster IT services turnaround from its IT groups. The current lead time between request and delivery is three weeks for a task that would take a competitor two days. An architect is asked to develop a solution to reduce the lead time of the request while ensuring adherence to the company policies. Which of the following is the BEST approach to achieve the stated objective? A. Document the desired state, complete a root cause analysis, and execute the flow. B. Revise the schedule, implement a waterfall methodology, and flatten the network. C. Identify deficiencies, optimize change management, and automate the workflow. D. Follow the company policies, execute the flow, and document results.
C. Identify deficiencies, optimize change management, and automate the workflow.
The InfoSec team has directed compliance database activity monitoring without agents on a hosted database server in the public IaaS. Which of the following configurations is needed to ensure this requirement is achieved? A. Configure the agent configuration file to log to the syslog server. B. Configure sniffing mode on database traffic. C. Implement built-in database tracking functionality. D. Implement database encryption and secure copy to the NAS.
C. Implement built-in database tracking functionality.
A cloud administrator works for an online gaming company that is hosting its multiplayer servers in a public IaaS cloud. The following metrics are reported during a controlled beta test: RAM usage 80% Bandwidth usage 50% Average ping 800ms The beta test shows poor performance for gamers. Which of the following should the cloud administrator implement FIRST to improve the gamers' experience? A. Scale the deployment of multiplayer servers by doubling the number of VMs. B. Increase network bandwidth on the multiplayer servers. C. Increase the RAM on the multiplayer servers. D. Deploy multiplayer servers in public cloud locations closer to the user base.
C. Increase the RAM on the multiplayer servers.
A software company recently moved all of its development testing to a public cloud environment. The company primarily uses IaaS to deploy and test its code. The company needs the software developers to be more agile and efficient when testing application code. Which of the following backup types should the developers use to BEST ensure the speedy recovery of a system if it is damaged? A. Snapshots B. Full C. Incremental D. Differential
C. Incremental
A cloud administrator is securing access to a VM using an IaaS cloud platform. The administrator must perform this task using an automated method, allow administrators to perform any method and expose any property of the VM, deny access for everyone else, and allow only read-only access to everyone else. Given this scenario, which of the following should the administrator use to BEST meet these requirements? A. jQuery B. JavaScript C. Java D. JSON
C. Java
A cloud service company is proposing a solution to a major sporting venue. The solution offers 99.999% availability during special events, which is proven through specialized testing. Which of the following techniques should be applied to confirm the high availability claimed by the company? (Select TWO.) A. Vulnerability testing B. Penetration testing C. Load testing D. Failover testing E. Integration testing
C. Load testing D. Failover testing
A company is deploying a new instant messaging app to allow for communications with external vendors. Each entity will host its own version of the application, but users must be able to talk between the companies. Which of the following security techniques would MOST likely be used to allow this to happen? A. User synchronization B. Password synchronization C. Public federation D. Multifactor authentication
C. Public federation
A CSA needs to bring a client's public cloud site online at another location in the same region after a disaster. The RPO is eight hours, and the RTO is four hours. Which of the following is the BEST way to accomplish this goal? A. Restore the site at the new location within six hours by using backups from the failed public cloud site from eight hours earlier. Switch users from the failedsite to the online regional public cloud site. B. Restore the site at the new location within two hours by using backups from the failed public cloud site from two hours earlier. Switch users from the failedsite to the online regional public cloud site. C. Restore the site at the new location within eight hours by using backups from the failed public cloud site from six hours earlier. Switch users from the failedsite to the online regional public cloud site. D. Restore the site at the new location within four and half hours by using backups from the failed public cloud site from a half hour earlier. Switch users fromthe failed site to the online regional public cloud site.
C. Restore the site at the new location within eight hours by using backups from the failed public cloud site from six hours earlier. Switch users from the failedsite to the online regional public cloud site.
A customer recently provisioned a new server on the IaaS. The IP address assigned from the pool resolves to another hostname. Some user traffic is being dumped or is causing slowness because of this issue. Which of the following maintenance activities does the provider need to perform to prevent this issue? A. Use cloud provider tools to remove orphaned resources. B. Initiate resource reclamation. C. Run a script to remove stale DNS entries. D. Update outdated security firewall configurations.
C. Run a script to remove stale DNS entries.
Joe, a systems administrator, deployed a computer and storage for a system and took it to the application team. The next day, the application team claimed the database was slow. The deployment request, result, and current utilization data are shown below. https://vceguide.com/wp-content/uploads/2019/08/CompTIA-CV0-002-date-01-06-2019-00001_Page_44_Image_0001.jpg Which of the following descriptions of the situation is correct? A. The deployment was done with the wrong memory configuration. B. The deployment was unsuccessful due to the cloud failure. C. The deployment was successful, but the capacity planning was inaccurate. D. The deployment was done with the wrong storage parameter.
C. The deployment was successful, but the capacity planning was inaccurate.
In an IaaS environment, the security team issues a new signature file to prevent specific malware threats from infiltrating the company network. Which of the following describes where the security team should deploy the updated signatures? A. IDS B. Spam filter C. WAF D. NIPS E. HIPS
C. WAF
A user has submitted a ticket to request additional VMs due to long wait times for online ordering. Given the snapshot of the resources in the table below: https://vceguide.com/wp-content/uploads/2019/08/CompTIA-CV0-002-date-01-06-2019-00001_Page_69_Image_0001.jpg Which of the following is the BEST option for the administrator to resolve the ticket? A. Add vCPU to the database server to increase capacity. B. Add disks to the database server to increase capacity. C. Add virtual network ports to the web server to increase capacity. D. Add memory to the web server to increase capacity.
D. Add memory to the web server to increase capacity.
A university is running a DNA decoding project that will take seven years if it runs on its current internal mainframe. The university negotiated a deal with a large cloud provider, which will donate its cloud resource to process the DNA decoding during the low peak time throughout the world. Which of the following is the MOST important resource the university should ask the cloud provider to donate? A. A large storage for the DNA decoding results B. A larger pipe to transfer the results C. A closer datacenter to the university D. Any available compute resource
D. Any available compute resource
A cloud deployment engineer is modifying versions of the existing template image to instantiate new VMs. The engineer accomplishes this through the cloud self-service portal. After the version is changed and a new VM is successfully started, it does not have any connectivity, and all ping tests to other VMs fail. Which of the following would be the BEST approach to solve the problem? A. Start the console session to the VM; check network static routes; test the ping to default gateway and next hop; and reconfigure the gateway IP. B. Delete the VM; create a new flavor; turn on network service; add the new image to the template manager; and reinstantiate the VM using this new image. C. Delete the VM; check the IP assignment and planning; modify configuration in the deployment template; and instantiate the VM again using the new template. D. Assign new IPs to the newly created VMs by changing and running the deployment template; and check the connectivity on the cloud self-service portal afterward.
D. Assign new IPs to the newly created VMs by changing and running the deployment template; and check the connectivity on the cloud self-service portal afterward.
A company wants to leverage a SaaS provider for its back-office services, and security is paramount. Which of the following solutions should a cloud engineer deploy to BEST meet the security requirements? A. Firewall B. IPS/IDS C. Proxy gateway D. CASB
D. CASB
A cloud administrator has deployed a new all-flash storage array with deduplication and compression enabled, and moved some of the VMs into it. The goal was to achieve 4:1 storage efficiency while maintaining sub-millisecond latency. Which of the following results would BEST suit the requirements? A. Compression 1:1Deduplication 4:1 Overall savings 4:1 Average latency 1.0ms B. Compression 1.5:1Deduplication 1.8:1 Overall savings 2.2:1 Average latency 600us C. Compression 1.3:1Deduplication 3.1:1 Overall savings 4.3:1 Average latency 900us D. Compression 1.8:1Deduplication 2.7:1 Overall savings 4.2:1 Average latency 1.2ms
D. Compression 1.8:1Deduplication 2.7:1 Overall savings 4.2:1 Average latency 1.2ms
A newly established CSP allows for drive shipping to upload new data into the environment. Sensitive data on 40TB of storage needs to be transferred within one week. Which of the following is the MOST efficient and secure method for shipment of the data to the CSP with minimal downtime? A. Create a VPN between the sites and schedule data transfer during non-business hours. B. Copy the data to encrypted drives and use the CSP-certified shipping provider. C. Compress and SFTP the data to the CSP. D. Move the data to encrypted drives and use the CSP-certified shipping provider.
D. Move the data to encrypted drives and use the CSP-certified shipping provider.
Cloud administrator uses a script to automatically restart all the servers running in the public cloud provider environment, which hosts e-commerce applications. The administrator decides to implement the same script for a similar environment that hosts the finance applications. After verifying the script is deployed to the public cloud environment for finance, the administrator schedules a job to run at 9:00 a.m. After 9:00 a.m., the administrator receives a report from the e-commerce team that the application is experiencing outages. Which of the following should the administrator do to resolve the issue? A. Update the version of the CLI tool for the public cloud provider. B. Copy the script up to a bastion host in the environment and run it from there. C. Validate the access credentials for the cloud provider are correct. D. Debug the script and modify it to remove the flawed logic.
D. Debug the script and modify it to remove the flawed logic.
A business is planning to migrate from a private cloud to a public cloud. To document business continuity, which of the following should be done FIRST? A. Develop a disaster recovery plan with partners/third parties. B. Define the set of application-based SLAs. C. Identify HA technology to provide failover. D. Define the scope of requirements.
D. Define the scope of requirements.
A software development company is building cloud-ready applications and needs to determine the best approach for releasing software. Which of the following approaches should be used? A. Perform QA, develop, test, and release to production B. Test, perform QA, develop, and release to production C. Develop, perform QA, test, and release to production D. Develop, test, perform QA, and release to production
D. Develop, test, perform QA, and release to production
A new private cloud platform is being deployed by an engineer. SLA requirements state that any clusters should have a baseline redundancy sufficient to handle the failure of at least two hosts. The engineer records the following metrics after the deployment: https://vceguide.com/wp-content/uploads/2019/08/CompTIA-CV0-002-date-01-06-2019-00001_Page_57_Image_0001.jpg Which of the following metrics is MOST likely to represent a violation of SLA? A. RAM utilization B. NIC utilization C. CPU utilization D. Disk utilization
D. Disk utilization
A consultant is helping a large company migrate its development environment to a public cloud provider. The developers are working on a VDI solution. The development tools that employees utilize require greater control of the OS environment. Which of the following cloud types should the consultant implement? A. SaaS B. PaaS C. Bare metal service D. IaaS
D. IaaS
A manufacturing company's current security policy mandates PII is not stored in the SaaS solution. Which of the following configuration controls should be used to block sensitive information from being stored in the SaaS solution? A. Implement file-level encryption. B. Implement a network ACL. C. Implement an IPS. D. Implement content filtering.
D. Implement content filtering.
A technician receives a report of system utilization: https://vceguide.com/wp-content/uploads/2019/08/CompTIA-CV0-002-date-01-06-2019-00001_Page_27_Image_0001.jpg Which of the following additional resources should the technician add FIRST given the trend data shown above? A. CPU B. Disk C. Bandwidth D. RAM
D. RAM
A hospital is deploying a web-based application in its private cloud to service multiple facilities in a region. This application is used by employees of the hospital, as well as the patients and their families. Which of the following security configurations is MOST likely to be deployed to secure the information from the application? A. IPSec B. PPTP C. L2TP D. SSL/TLS
D. SSL/TLS
A company is implementing a launchpad within an existing application that will point to an existing SaaS provider. One of the requirements is the user should not have to log on multiple times. SSO is in place. When the launchpad is used, the user is redirected to SaaS providers as designed, but is asked for login credentials. Which of the following is the MOST likely cause of this issue? A. Users do not exist within the SaaS provider. B. Group permissions are incorrect. C. Users do not exist in directory services. D. The federation is failing.
D. The federation is failing.
A cloud administrator has configured a connection between two virtual private cloud environments at a public cloud provider that are each in different accounts. The administrator has configured the accounts correctly so they can connect to each other's resources. Both cloud environments have policies that allow anyone from 0.0.0.0/0 on TCP port 22. The following table shows the network configuration information: Finance: -IP Range: 10.250.40.0/24 -Server IP Address: 10.250.40.100 Sales: -IP Range: 10.250.48.0/24 -Server IP Address: 10.250.48.214 However, the administrator is unable to establish an SSH connection from a server in 10.250.40.100 to 10.250.48.214. Which of the following is the MOST likely issue? A. The network ACL is not configured to allow SSH access. B. The IP configuration on one of the servers is incorrect. C. The administrator does not have sufficient credentials. D. The routing tables have not been updated correctly.
D. The routing tables have not been updated correctly.
A cloud administrator has finished building a virtual server template in a public cloud environment. The administrator is now cloning six servers from that template. Each server is configured with one private IP address and one public IP address. After starting the server instances, the cloud administrator notices that two of the servers do not have a public IP address. Which of the following is the MOST likely cause? A. The maximum number of public IP addresses has already been reached. B. The two servers are not attached to the correct public subnet. C. There is no Internet gateway configured in the cloud environment. D. The two servers do not have enough virtual network adapters attached.
D. The two servers do not have enough virtual network adapters attached.
After deploying new VMs, the systems administrator notices it is not possible to connect to them using network credentials; however, local accounts work. After logging in, the administrator notices the NTP servers are not set. Which of the following is MOST likely causing this issue? A. Directory services requires the use of NTP servers. B. The VMs are insufficiently licensed. C. There is a directory services outage. D. There is a time synchronization issue.
D. There is a time synchronization issue.
A company upgraded a hosted vulnerability scanner to the latest version, and now tickets are not being created to assign critical vulnerabilities. After confirming the ticketing issue, all the scanning services are confirmed to be running on the VM. Which of the following is the MOST likely cause and best method to fix the issue? A. There was an IP change to the VM. Make changes to the server properties. B. The upgrade has a bug Reboot the server and attempt the upgrade again. C. The vulnerability scanner is on a different subnet. Open the ports, and it will reconnect. D. There is an application compatibility issue. Roll back to the previous working backup.
D. There is an application compatibility issue. Roll back to the previous working backup.
A critical new security update has been released to fix an identified zero-day vulnerability with the SSH server process. Due to its severity, all development and staging servers must have this update applied immediately. Which of the following is the FASTEST way for the administrator to apply the patch and ensure all systems are configured consistently? A. Shut down all servers and use the server provisioning tools to deploy new ones that have the latest patch applied. B. Create a master inventory list of servers that must be patched. Log in to each server and deploy the patch, making sure to check off each server on the list. C. Use the existing tooling to clone the existing servers. Update each clone with the latest patch and shut down the original system. D. Update the set of configuration management scripts to include the latest patch. Execute these scripts against a master inventory of servers.
D. Update the set of configuration management scripts to include the latest patch. Execute these scripts against a master inventory of servers.
A technician is configuring a new web application to be highly available. The technician has configured multiple web servers in different availability zones at a public cloud provider. The application requires users to be directed to the same server each time they visit. Which of the following network components is MOST likely to accomplish this? A. Network firewall B. Intrusion prevention system C. Global load balancer D. Virtual private network
D. Virtual private network
Ann. a user, has tried to connect to a VM hosted in a private cloud using her directory services credentials. After three attempts, she realizes the keyboard was set to German instead of English, and she was typing "z" instead of "y". After fixing this issue, Ann is still unable to log in; however, other users can access the VM. Which of the following is the MOST likely cause? A. The default language on Ann's computer is German. B. The account was locked. C. Directory services are offline. D. There is an account mismatch. E. The account localization settings are incorrect.
E. The account localization settings are incorrect.