Free CV0-004 Sample Questions — CompTIA Cloud+

A cross-site request forgery vulnerability exploited a web application that was hosted in a public IaaS network. A security engineer determined that deploying a WAF in blocking mode at a CDN would prevent the application from being exploited again. However, a week after implementing the WAF, the application was exploited again. Which of the following should the security engineer do to make the WAF control effective?

• A. Configure the DDoS protection on the CDN
• B. Install endpoint protection software on the VMs
• C. Add an ACL to the VM subnet
• D. Deploy an IDS on the IaaS network

Once a change has been made to templates, which of the following commands should a cloud architect use next to deploy an IaaS platform?

• A. git pull
• B. git fetch
• C. git commit
• D. git push

A cloud developer resigned from an organization and gave a two-week notice. Within the first week since the developer resigned, a security analyst identifies large volumes of file downloads to the developer’s laptop from the source code repository. Which of the following security controls would be the best way to mitigate the organization’s risk of data loss?

• A. Implementing a policy to stop cloud developers from sharing passwords
• B. Preventing cloud developers from accessing the source code repository
• C. Updating outbound firewall rules to block the cloud developer’s IP address
• D. Blocking internet access for employees that resign from the organization
• E. Prohibiting files on the local drive from being transferred to USB drives

A critical security patch is required on a network load balancer in a public cloud. The organization has a major sales conference next week, and the Chief Executive Officer does not want any interruptions during the demonstration of an application behind the load balancer. Which of the following approaches should the cloud security engineer take?

• A. Ask the management team to delay the conference
• B. Apply the security patch after the event
• C. Ask the upper management team to approve an emergency patch window
• D. Apply the security patch immediately before the conference

A video surveillance system records road incidents and stores the videos locally before uploading them to the cloud and deleting them from local storage. Which of the following best describes the nature of the local storage?

• A. Persistent
• B. Ephemeral
• C. Differential
• D. Incremental

A DevOps engineer is performing maintenance on the mail servers for a company’s web application. Part of this maintenance includes checking core operating system updates. The servers are currently running version 3.2 of the operating system. The engineer has two update options—one to version 4.1 and the other to version 3.7. Both versions are fully supported by the operating system manufacturer. Which of the following best describes the action the engineer should take?

• A. Upgrade to 3.7 in the development environment
• B. Upgrade to 4.1 on one production server at a time
• C. Read the release notes on version 4.1
• D. Schedule a maintenance window and upgrade to 3.7 in the production environment

A cloud developer is creating a static website that customers will be accessing globally. Which of the following services will help reduce latency?

• A. VPC
• B. Application load balancer
• C. CDN
• D. API gateway

A company’s content management system (CMS) service runs on an IaaS cluster on a public cloud. The CMS service is frequently targeted by a malicious threat actor using DDoS. Which of the following should a cloud engineer monitor to identify attacks?

• A. Network flow logs
• B. Endpoint detection and response logs
• C. Cloud provider event logs
• D. Instance syslog

A company wants to optimize cloud resources and lower the overhead caused by managing multiple operating systems. Which of the following compute resources would be best to help to achieve this goal?

• A. VM
• B. Containers
• C. Remote desktops
• D. Bare-metal servers

A cloud administrator shortens the amount of time a backup runs. An executive in the company requires a guarantee that the backups can be restored with no data loss. Which of the following backup features should the administrator test for?

• A. Encryption
• B. Retention
• C. Schedule
• D. Integrity

Which of the following types of releases best describes the update made to a code repository production release when it changes from version 1.0 to version 1.1?

• A. Alpha
• B. Beta
• C. Minor
• D. Major

Which of the following container commands implements network port mapping?

• A. $docker run –it myimage –e /bin/port 8080
• B. $docker run myimage:port
• C. $docker run –it –p 1-65535 myimage –e netstat 8080
• D. $docker run –it –p 80:8080 myimage

A developer sends multiple requests to a SaaS application in a short amount of time. The developer realizes that the entire server and all other users can no longer send requests to the application. Which of the following best describes the issue?

• A. Service quotas
• B. API rate limiting
• C. Full outage
• D. Regional service availability

A cloud consultant needs to modernize a legacy application that can no longer address user demand and is expensive to maintain. Which of the following is the best migration strategy?

• A. Retain
• B. Rehost
• C. Refactor
• D. Replatform

A cloud engineer needs to deploy a new version of a web application to 100 servers. In the past, new version deployments have caused outages. Which of the following deployment types should the cloud engineer implement to prevent the outages from happening this time?

• A. Rolling
• B. Blue-green
• C. Canary
• D. Round-robin

A cloud engineer is selecting a model for a data center that will host a workload. The database must reside within the data center on the company's SAN solution. However, the workload will be hosted by a third-party vendor. Which of the following models should the cloud engineer select to meet these requirements?

• A. Community
• B. Hybrid
• C. Public
• D. Private

A healthcare provider contacts a MSP about moving an on-premises infrastructure to the cloud. Which of the following requirements are most important for the MSP to consider when migrating this customer? (Choose two.)

• A. Security
• B. Cost
• C. Availability
• D. Storage
• E. Compliance
• F. Compute

A security analyst confirms a zero-day vulnerability was exploited by hackers who gained access to confidential customer data and installed ransomware on the server. Which of the following steps should the security analyst take? (Choose two.)

• A. Contact the customers to inform them about the data breach
• B. Contact the hackers to negotiate payment to unlock the server
• C. Send a global communication to inform all impacted users
• D. Inform the management and legal teams about the data breach
• E. Delete confidential data used on other servers that might be compromised
• F. Modify the firewall rules to block the IP addresses and update the ports

A customer relationship management application, which is hosted in a public cloud IaaS network, is vulnerable to a remote command execution vulnerability. Which of the following is the best solution for the security engineer to implement to prevent the application from being exploited by basic attacks?

• A. IPS
• B. ACL
• C. DLP
• D. WAF

Which of the following files should be used to install software with a package manager?

• A. package.json
• B. package.zip
• C. package.deb
• D. package.tar