Leading CV0-003 Question For CompTIA Cloud+ Certification Exam Certification

NEW QUESTION 1

A systems administrator has been notified of possible illegal activities taking place on the network and has been directed to ensure any relevant emails are preserved for court use.
Which of the following is this MOST likely an example of?

• A. Email archiving
• B. Version control
• C. Legal hold
• D. File integrity monitoring

Answer: C

Explanation:
The correct answer is C. Legal hold.
A legal hold is a process that organizations use to preserve relevant electronic information when they anticipate litigation or have an active e-discovery request. A legal hold requires that certain email messages be retained and unaltered until they are no longer required for court use. Legal hold requirements apply both to the content of messages as well as the metadata which can provide proof of delivery and other critical non-repudiation information12.
Email archiving is a process that organizations use to store email messages for long-term retention, compliance, and backup purposes. Email archiving does not necessarily imply that the email messages are preserved for legal purposes, although some email archiving solutions may offer legal hold capabilities1.
Version control is a process that software developers use to manage changes to source code and other files in a project. Version control allows developers to track, compare, and revert changes, as well as collaborate with other developers. Version control does not apply to email messages or legal hold.
File integrity monitoring is a process that security professionals use to detect unauthorized or malicious changes to files and directories on a system. File integrity monitoring helps to protect the system from malware, data breaches, and configuration errors. File integrity monitoring does not apply to email messages or legal hold.

NEW QUESTION 2

A non-critical file on a database server was deleted and needs to be recovered. A cloud administrator must use the least disruptive restoration process to retrieve the file, as the database server cannot be stopped during the business day. Which of the following restoration methods would best accomplish this goal?

• A. Alternate location
• B. Restore from image
• C. Revert to snapshot
• D. In-place restoration

Answer: D

Explanation:
In-place restoration is the process of restoring data to the same location where it was originally stored, without affecting the rest of the system. This method is suitable for recovering non-critical files that were accidentally deleted, as it does not require stopping the server or creating a new instance. In contrast, alternate location, restore from image, and revert to snapshot are more disruptive methods that involve creating a new copy of the data or the entire system, which may affect the performance or availability of the
server. References: CompTIA Cloud+ CV0-003 Certification Study Guide, Chapter 20, Backup and Restore Operations, page 3211.

NEW QUESTION 3

A company is deploying a public cloud solution for an existing application using lift and shift. The requirements for the applications are scalability and external access. Which of the following should the company implement? (Select TWO).

• A. A load balancer
• B. SON
• C. A firewall
• D. SR-IOV
• E. Storage replication
• F. A VPN

Answer: AF

Explanation:
The best options to implement for a public cloud solution for an existing application using lift and shift that requires scalability and external access are a load balancer and a VPN (virtual private network). A load balancer is a device or service that distributes incoming traffic across multiple servers or instances based on various criteria, such as availability, capacity, or performance. A load balancer can improve scalability by balancing the workload and optimizing resource utilization. A VPN is a technology that creates a secure and encrypted connection over a public network, such as the internet. A VPN can provide external access by allowing remote users or sites to connect to the cloud resources as if they were on the same private network. Reference: CompTIA Cloud+ Certification Exam Objectives, Domain 1.0 Configuration and Deployment, Objective 1.4 Given a scenario, execute a provided deployment plan.

NEW QUESTION 4

A systems administrator is attempting to gather information about services and resource utilization on VMs in a cloud environment. Which of the following will best accomplish this objective?

• A. Syslog
• B. SNMP
• C. CMDB
• D. Service management
• E. Performance monitoring

Answer: E

Explanation:
Performance monitoring is a technique that collects and analyzes data about the services and resource utilization on VMs in a cloud environment. Performance monitoring can help the systems administrator to gather information about the CPU, memory, disk, network, and application performance of the VMs, as well as identify any bottlenecks, errors, or anomalies that may affect the cloud service quality. Performance monitoring can be implemented using various tools or agents that can collect and report the performance metrics from the VMs to a centralized dashboard or console. Performance monitoring can also help the systems administrator to optimize, troubleshoot, and plan the cloud resources and services. References: CompTIA Cloud+ CV0-003 Certification Study Guide, Chapter 5, Objective 5.1: Given a scenario, monitor cloud resources and services.

NEW QUESTION 5

An organization suffered a critical failure of its primary datacenter and made the decision to switch to the DR site. After one week of using the DR site, the primary datacenter is now ready to resume operations.
Which of the following is the MOST efficient way to bring the block storage in the primary datacenter up to date with the DR site?

• A. Set up replication.
• B. Copy the data across both sites.
• C. Restore incremental backups.
• D. Restore full backups.

Answer: A

Explanation:
Reference: https://www.ibm.com/docs/en/cloud-pak-system-w3550/2.3.3?topic=system- administering-block-storage-replication
Setting up replication is the most efficient way to bring the block storage in the primary datacenter up to date with the DR site after a critical failure. Replication is a process of copying data from one location to another in real-time or near real-time. Replication can be synchronous or asynchronous, depending on the latency and bandwidth requirements. Replication can ensure data consistency and availability across multiple sites and facilitate faster recovery.

NEW QUESTION 6

A company is preparing a hypervisor environment to implement a database cluster. One of the requirements is to share the disks between the nodes of the cluster to access the same LUN. Which of the following protocols should the company use? (Choose two.)

• A. CIFS
• B. FTP
• C. iSCSI
• D. RAID 10
• E. NFS
• F. FC

Answer: CF

Explanation:
These are the protocols that should be used to share the disks between the nodes of a database cluster to access the same LUN (Logical Unit Number). A LUN is an identifier that represents a logical unit of storage, such as a disk, partition, volume, etc., that can be accessed by a host system or device. To share the disks between the nodes of a cluster, the following protocols can be used:
✑ iSCSI (Internet Small Computer System Interface): This is a protocol that allows SCSI commands to be sent over IP networks. iSCSI can enable block-level storage access over a network, which means that the host system or device can access the storage as if it were a local disk.
✑ FC (Fibre Channel): This is a protocol that provides high-speed and low-latency data transfer over optical fiber cables. FC can also enable block-level storage access over a network, which means that the host system or device can access the storage as if it were a local disk.

NEW QUESTION 7

A DevOps administrator is building a new application slack in a private cloud. This application will store sensitive information and be accessible from the internet. Which of the following would be MOST useful in maintaining confidentiality?

• A. NAC
• B. IDS
• C. DLP
• D. EDR

Answer: C

Explanation:
The most useful tool in maintaining confidentiality for a new application stack that will store sensitive information and be accessible from the internet is data loss prevention (DLP). DLP is a type of security solution that monitors and controls the flow of data in and out of a system or network. It can detect and prevent unauthorized access, transmission, or leakage of sensitive data, such as personal information, financial records, or intellectual property. DLP can also enforce encryption, masking, or deletion of sensitive data to protect its confidentiality. Reference: CompTIA Cloud+ Certification Exam Objectives, Domain 2.0 Security, Objective 2.5 Given a scenario, apply data security techniques in the cloud.

NEW QUESTION 8

A company would like to migrate its current on-premises workloads to the public cloud. The current platform requires at least 80 instances running at all times to work properly. The company wants the workload to be highly available, even if the cloud provider loses one region due to a catastrophe, and the costs to be kept to a minimum. Which of the following strategies should the company implement?

• A. Create /25 subnets in two regions and run 80 instances on each one.
• B. Create /26 subnets in two regions and run 40 instances on each one.
• C. Create /26 subnets in three regions and run 40 instances on each one.
• D. Create /26 subnets in three regions and run 80 instances on each one.

Answer: B

Explanation:
The best strategy to migrate the current on-premises workloads to the public cloud for the company that requires at least 80 instances running at all times and wants the workload to be highly available and cost-effective is to create /26 subnets in two regions and run 40 instances on each one. A /26 subnet can accommodate up to 62 hosts, which is enough for 40 instances. By creating subnets in two regions, the company can achieve high availability and redundancy in case one region fails due to a catastrophe. By running 40 instances on each subnet, the company can meet the minimum requirement of 80 instances and also save on costs by avoiding overprovisioning or underutilization of resources. Reference: What is VPN? How It Works, Types of VPN - Kaspersky

NEW QUESTION 9

A security audit related to confidentiality controls found the following transactions occurring in the system:
GET
http://gateway.securetransaction.com/privileged/api/v1/changeResource?id=123&user=277 Which of the following solutions will solve the audit finding?

• A. Using a TLS-protected API endpoint
• B. Implementing a software firewall
• C. Deploying a HIDS on each system
• D. Implementing a Layer 4 load balancer

Answer: A

Explanation:
Reference: https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Protection_Cheat_Sheet
.html
The audit finding is related to confidentiality, which means the data should be protected from unauthorized access. The current API endpoint is using HTTP, which is not secure and can expose the data in transit. Using a TLS-protected API endpoint would encrypt the data and prevent anyone from reading it. Reference: CompTIA Cloud+ Certification Exam Objectives, Domain 2.0 Security, Objective 2.1 Given a scenario, apply security configurations and compliance controls to meet cloud security requirements.

NEW QUESTION 10

A cloud security engineer needs to ensure authentication to the cloud pro-vider console is secure. Which of the following would BEST achieve this ob-jective?

• A. Require the user's source IP to be an RFC1918 address.
• B. Require the password to contain uppercase letters, lowercase letters, numbers, and symbols.
• C. Require the use of a password and a physical token.
• D. Require the password to be ten characters long.

Answer: C

Explanation:
A password and a physical token are two factors of authentication that can provide a higher level of security than a password alone. A physical token is a device that generates a one-time code or password that the user must enter along with their password to access the cloud provider console. This is an example of multi-factor authentication (MFA), which requires the user to present two or more pieces of evidence to prove their identity. MFA can prevent unauthorized access even if the password is compromised, as the attacker would also need to have the physical token to log in.

NEW QUESTION 11

Some VMs that are hosted on a dedicated host server have each been allocated with 32GB of memory. Some of VMs are not utilizing more than 30% of the allocation. Which of the following should be enabled to optimize the memory utilization?

• A. Auto-scaling of compute
• B. Oversubscription
• C. Dynamic memory allocations on guests
• D. Affinity rules in the hypervisor

Answer: C

Explanation:
Enabling dynamic memory allocations on guests is the best option to optimize memory utilization for VMs that have been allocated with 32GB of memory but are not utilizing more than 30% of it. Dynamic memory allocation is a feature that allows a VM to adjust its memory usage according to its workload and demand, without requiring a reboot or manual intervention. Dynamic memory allocation can help to improve memory utilization and efficiency by allocating more memory to VMs that need it and releasing memory from VMs that do not need it.

NEW QUESTION 12

A systems administrator is deploying a solution that includes multiple network I/O-intensive VMs. The solution design requires that vNICs of the VMs provide low-latency, near-native performance of a physical NIC and data protection between the VMs. Which of the following would BEST satisfy these requirements?

• A. SR-IOV
• B. GENEVE
• C. SDN
• D. VLAN

Answer: A

Explanation:
SR-IOV (Single Root Input/Output Virtualization) is what would best satisfy the requirements of low-latency, near-native performance of a physical NIC and data protection between VMs for multiple network I/O-intensive VMs. SR-IOV is a technology that allows a physical NIC to be partitioned into multiple virtual NICs that can be assigned to different VMs. SR-IOV can provide the following benefits:
✑ Low-latency: SR-IOV can reduce latency by bypassing the hypervisor and allowing direct communication between the VMs and the physical NIC, without any overhead or interference.
✑ Near-native performance: SR-IOV can provide near-native performance by allowing the VMs to use the full capacity and functionality of the physical NIC, without any emulation or translation.
✑ Data protection: SR-IOV can provide data protection by isolating and securing the network traffic between the VMs and the physical NIC, without any exposure or leakage.

NEW QUESTION 13

A cloud administrator would like to deploy a cloud solution to its provider using automation techniques. Which of the following must be used? (Choose two.)

• A. Auto-scaling
• B. Tagging
• C. Playbook
• D. Templates
• E. Containers
• F. Serverless

Answer: CD

Explanation:
Playbook and templates are two things that must be used to deploy a cloud solution to its provider using automation techniques. A playbook is a file or script that defines a set of tasks or actions to be executed on one or more cloud resources or systems. A playbook can automate and standardize the deployment and configuration of cloud solutions using tools such as Ansible, Chef, Puppet, etc. A template is a preconfigured image or blueprint of a cloud resource or system that contains an OS, applications, settings, etc., that can be used to create new resources or systems quickly and consistently. A template can simplify and speed up the deployment of cloud solutions using tools such as AWS CloudFormation, Azure Resource Manager, Google Cloud Deployment Manager, etc.

NEW QUESTION 14

Which of the following are advantages of a public cloud? (Select TWO).

• A. Full control of hardware
• B. Reduced monthly costs
• C. Decreased network latency
• D. Pay as you use
• E. Availability of self-service
• F. More secure data

Answer: BD

Explanation:
The correct answers are B and D.
* B. Reduced monthly costs: One of the main advantages of public cloud is that it lowers the costs of IT infrastructure and maintenance for the customers. They do not need to purchase, install, or manage any hardware or software, and they only pay for the resources they use. This can result in significant savings compared to owning and operating a private cloud or an on-premise data center1234
* D. Pay as you use: Another benefit of public cloud is that it offers a flexible and scalable pricing model based on the actual usage of the customers. They can adjust their resource consumption according to their changing needs and demands, and only pay for what they use. This eliminates the need for upfront capital investment or long-term contracts, and allows customers to optimize their spending and performance1234

NEW QUESTION 15

A cloud engineer recently set up a container image repository. The engineer wants to ensure that downloaded images are not modified in transit. Which of the following is the best method to achieve this goal?

• A. SHA-256
• B. IPSec
• C. AES-256
• D. MD5
• E. serpent-256

Answer: A

Explanation:
SHA-256 is the best method to ensure that downloaded images are not modified in transit. SHA-256 is a type of cryptographic hash function that can generate a unique and fixed- length digest for any input data. The digest can be used to verify the integrity and
authenticity of the data, as any modification or tampering of the data would result in a different digest. SHA-256 is more secure and reliable than MD5, which is an older and weaker hash function that has been proven to be vulnerable to collisions and attacks12. AES-256 and serpent-256 are types of encryption algorithms, not hash functions, and they are used to protect the confidentiality of the data, not the integrity. IPSec is a network security protocol that can use encryption and hashing to secure data in transit, but it is not a method by itself

NEW QUESTION 16

An organization is implementing a new requirement to facilitate users with faster downloads of corporate application content. At the same time, the organization is also expanding cloud regions.
Which of the following would be suitable to optimize the network for this requirement?

• A. Implement CDN for overall cloud application
• B. Implement auto-scaling of the compute resources
• C. Implement SR-IOV on the server instances
• D. Implement an application container solution

Answer: C

Explanation:

Reference: https://access.redhat.com/documentation/en- us/red_hat_openstack_platform/13/html/ network_functions_virtualization_planning_and_configuration_guide/part-sriov-nfv- configuration

NEW QUESTION 17

A systems administrator is responding to an outage in a cloud environment that was caused by a network-based flooding attack. Which of the following should the administrator configure to mitigate the attack?

• A. NIPS
• B. Network overlay using GENEVE
• C. DDoS protection
• D. DoH

Answer: C

Explanation:
A DDoS (distributed denial-of-service) attack is a type of network-based flooding attack that aims to overwhelm a target server or network with a large volume of traffic from multiple sources, making it unavailable or slow for legitimate users. According to the web search results, DDoS protection is a service or a solution that can detect and mitigate DDoS attacks by filtering out malicious traffic and allowing only legitimate traffic to pass through .
A NIPS (network intrusion prevention system) is a device or a software that can monitor, detect, and block malicious activity on a network, such as unauthorized access, malware, or policy violations. However, a NIPS may not be effective against DDoS attacks, as it can also be overwhelmed by the flood of traffic and fail to distinguish between legitimate and malicious requests.
A network overlay using GENEVE (Generic Network Virtualization Encapsulation) is a protocol that can create virtual networks on top of physical networks, allowing different cloud environments to communicate with each other. However, a network overlay using GENEVE does not provide any protection against DDoS attacks, as it does not filter or block any traffic.
A DoH (DNS over HTTPS) is a protocol that can encrypt and secure DNS queries and responses over HTTPS, preventing eavesdropping or tampering by third parties. However, a DoH does not prevent DDoS attacks, as it does not affect the amount or the source of the traffic.

NEW QUESTION 18

A systems administrator is troubleshooting performance issues with a Windows VDI environment. Users have reported that VDI performance is very slow at the start of the workday, but the performance is fine during the rest of the day. Which of the following is the MOST likely cause of the issue? (Select TWO).

• A. Disk I/O limits
• B. Affinity rule
• C. CPU oversubscription
• D. RAM usage
• E. Insufficient GPI-J resources
• F. License issues

Answer: AC

Explanation:
The most likely causes of the issue are A. Disk I/O limits and C. CPU oversubscription. Disk I/O limits are the maximum amount of input/output operations per second (IOPS) that a disk can handle. CPU oversubscription is the ratio of virtual CPUs to physical CPUs in a host. Both of these factors can affect the performance of a VDI environment, especially during peak hours when many users log in and launch applications.
Disk I/O limits can cause slow boot times, application lags, and cursor freezes for VDI users12. To avoid this issue, it is recommended to use flash storage or SSDs for VDI workloads, as they have much higher IOPS than traditional hard disk drives31. It is also important to monitor the disk performance and adjust the disk size and configuration as needed1.
CPU oversubscription can also cause performance degradation for VDI users, as it can lead to CPU contention and increased latency42. To avoid this issue, it is recommended to limit the CPU oversubscription ratio to a reasonable level, such as 4:1 or lower42. It is also important to monitor the CPU utilization and balance the load across hosts as needed4.
The other options are less likely to cause the issue. Affinity rules are used to specify which virtual machines should run on which hosts or which virtual machines should not run on the same host. They are not related to the performance of VDI workloads. RAM usage can affect the performance of VDI workloads, but it is usually not a major factor during peak hours, as most users do not consume a lot of memory when they log in or launch applications. Insufficient GPU resources can affect the performance of VDI workloads that require high graphics processing, such as video streaming or 3D rendering, but they are not relevant for most VDI users. License issues can affect the availability of VDI workloads, but they are not related to the performance of VDI workloads.

NEW QUESTION 19
......