Exam4Training

CompTIA CV0-003 CompTIA Cloud+ Certification Exam Online Training

Question #1

A company has decided to scale its e-commerce application from its corporate datacenter to a commercial cloud provider to meet an anticipated increase in demand during an upcoming holiday.

The majority of the application load takes place on the application server under normal conditions. For this reason, the company decides to deploy additional application servers into a commercial cloud provider using the on-premises orchestration engine that installs and configures common software and network configurations.

The remote computing environment is connected to the on-premises datacenter via a site-to-site IPsec tunnel. The external DNS provider has been configured to use weighted round-robin routing to load balance connections from the Internet.

During testing, the company discovers that only 20% of connections completed successfully.

INSTRUCTIONS

Review the network architecture and supporting documents and fulfill these requirements:

Part 1:

– Analyze the configuration of the following components: DNS, Firewall 1, Firewall 2, Router 1, Router 2, VPN and Orchestrator Server.

– Identify the problematic device(s).

Part 2:

– Identify the correct options to provide adequate configuration for hybrid cloud architecture.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Part 1:

Cloud Hybrid Network Diagram

Part 2:

Only select a maximum of TWO options from the multiple choice question

Correct Answer: Part 1: Router 2

The problematic device is Router 2, which has an incorrect configuration for the IPSec tunnel. The IPSec tunnel is a secure connection between the on-premises datacenter and the cloud provider, which allows the traffic to flow between the two networks. The IPSec tunnel requires both endpoints to have matching parameters, such as the IP addresses, the pre-shared key (PSK), the encryption and authentication algorithms, and the security associations (SAs).

According to the network diagram and the configuration files, Router 2 has a different PSK and a different address space than Router 1. Router 2 has a PSK of “1234567890”, while Router 1 has a PSK of “0987654321”. Router 2 has an address space of 10.0.0.0/8, while Router 1 has an address space of 192.168.0.0/16. These mismatches prevent the IPSec tunnel from establishing and encrypting the traffic between the two networks.

The other devices do not have any obvious errors in their configuration. The DNS provider has two CNAME records that point to the application servers in the cloud provider, with different weights to balance the load. The firewall rules allow the traffic from and to the application servers on port 80 and port 443, as well as the traffic from and to the VPN server on port 500 and port 4500. The orchestration server has a script that installs and configures the application servers in the cloud provider, using the DHCP server to assign IP addresses.

Part 2:

The correct options to provide adequate configuration for hybrid cloud architecture are:

Update the PSK in Router 2.

Change the address space on Router 2.

These options will fix the IPSec tunnel configuration and allow the traffic to flow between the on-premises datacenter and the cloud provider. The PSK should match the one on Router 1, which is “0987654321”. The address space should also match the one on Router 1, which is 192.168.0.0/16.

B. Update the PSK (Pre-shared key) in Router2

E. Change the Address Space on Router2

Question #2

The QA team is testing a newly implemented clinical trial management (CTM) SaaS application that uses a business intelligence application for reporting. The UAT users were instructed to use HTTP and HTTPS.

Refer to the application dataflow:

1A – The end user accesses the application through a web browser to enter and view clinical data.

2A – The CTM application server reads/writes data to/from the database server.

1B – The end user accesses the application through a web browser to run reports on clinical data.

2B – The CTM application server makes a SOAP call on a non-privileged port to the BI application server.

3B – The BI application server gets the data from the database server and presents it to the CTM application server.

When UAT users try to access the application using https://ctm.app.com or http://ctm.app.com, they get a message stating: “Browser cannot display the webpage.” The QA team has raised a ticket to troubleshoot the issue.

INSTRUCTIONS

You are a cloud engineer who is tasked with reviewing the firewall rules as well as virtual network settings.

You should ensure the firewall rules are allowing only the traffic based on the dataflow.

You have already verified the external DNS resolution and NAT are working.

Verify and appropriately configure the VLAN assignments and ACLs. Drag and drop the appropriate VLANs to each tier from the VLAN Tags table. Click on each Firewall to change ACLs as needed.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Correct Answer: On firewall 3, change the DENY 0.0.0.0 entry to rule 3 not rule 1.

Question #3

A DevOps administrator is automating an existing software development workflow. The administrator wants to ensure that prior to any new code going into production, tests confirm the new code does not negatively impact existing automation activities.

Which of the following testing techniques would be BEST to use?

  • A . Usability testing
  • B . Regression testing
  • C . Vulnerability testing
  • D . Penetration testing

Correct Answer: B

Explanation:

Regression testing is a type of testing that ensures that new code or changes to existing code do not break or degrade the functionality of the software. Regression testing is often used in software development workflows to verify that new features or bug fixes do not introduce new errors or affect the performance of the software. Regression testing can help prevent negative impacts on existing automation activities by checking that the new code is compatible with the existing code and does not cause any unexpected failures or errors.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 19, section 4.1

Reference: https://www.softwaretestinghelp.com/regression-testing-tools-and-methods/

Question #4

A marketing team is using a SaaS-based service to send emails to large groups of potential customers. The internally managed CRM system is configured to generate a list of target customers automatically on a weekly basis, and then use that list to send emails to each customer as part of a marketing campaign. Last week, the first email campaign sent emails successfully to 3,000 potential customers. This week, the email campaign attempted to send out 50,000 emails, but only 10,000 were sent.

Which of the following is the MOST likely reason for not sending all the emails?

  • A . API request limit
  • B . Incorrect billing account
  • C . Misconfigured auto-scaling
  • D . Bandwidth limitation

Correct Answer: A

Explanation:

An API request limit is a restriction on the number of requests that can be made to a web service or application programming interface (API) within a certain time period. API request limits are often used by SaaS-based services to control the usage and traffic of their customers and prevent overloading or abuse of their resources. An API request limit can cause a failure to send all the emails if the marketing team exceeds the number of requests allowed by the SaaS-based service in a week. The service may reject or block any requests that go beyond the limit, resulting in fewer emails being sent than expected.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 13, section 2.5

Reference: https://developers.google.com/analytics/devguides/config/mgmt/v3/limits-quotas

Question #5

A VDI administrator has received reports of poor application performance.

Which of the following should the administrator troubleshoot FIRST?

  • A . The network environment
  • B . Container resources
  • C . Client devices
  • D . Server resources

Correct Answer: A

Explanation:

The network environment is the set of network devices, connections, protocols, and configurations that enable communication and data transfer between different systems and applications. The network environment can affect the performance of a virtual desktop infrastructure (VDI) by influencing factors such as bandwidth, latency, jitter, packet loss, and congestion. Poor network performance can result in slow or unreliable application delivery, degraded user experience, and reduced productivity. Therefore, troubleshooting the network environment should be the first step for a VDI administrator who receives reports of poor application performance.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 17, section 3.4

Question #6

Due to a policy change, a few of a customer’s application VMs have been migrated to synchronously replicated storage. The customer now reports that performance is lower. The systems administrator checks the resource usage and discovers CPU utilization is at 60% and available memory is at 30%.

Which of the following is the MOST likely cause?

  • A . There is not enough vCPU assigned
  • B . The application is not compatible with the new settings
  • C . The new configuration is adding latency
  • D . The memory of the VM is underallocated

Correct Answer: C

Explanation:

Latency is the delay or time taken for data to travel from one point to another in a network or system. Latency can affect the performance of applications and processes that depend on fast and reliable data transfer. Synchronous replication is a method of data replication that ensures that data is written to two or more storage devices at the same time, providing high availability and consistency. However, synchronous replication can also introduce latency, as the write operation has to wait for the confirmation from all the replicated devices before completing. The new configuration of migrating some application VMs to synchronously replicated storage is most likely adding latency, which can lower the performance of the applications.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 10, section 1.5

Question #7

An organization requires the following to be achieved between the finance and marketing departments:

✑ Allow HTTPS/HTTP.

✑ Disable FTP and SMB traffic.

Which of the following is the MOST suitable method to meet the requirements?

  • A . Implement an ADC solution to load balance the VLAN traffic
  • B . Configure an ACL between the VLANs
  • C . Implement 802.1X in these VLANs
  • D . Configure on-demand routing between the VLANs

Correct Answer: B

Explanation:

An access control list (ACL) is a set of rules that defines which traffic is allowed or denied between different network segments or devices. An ACL can be used to filter traffic based on various criteria, such as source and destination addresses, ports, protocols, and applications. Configuring an ACL between the VLANs of the finance and marketing departments is the most suitable method to meet the requirements of allowing HTTPS/HTTP and disabling FTP and SMB traffic. An ACL can specify which ports and protocols are permitted or blocked between the VLANs, such as allowing port 80 (HTTP) and port 443 (HTTPS), and denying port 21 (FTP) and port 445 (SMB).

Reference: CompTIA Cloud+ Certification Exam Objectives, page 15, section 2.8

Question #8

A systems administrator is building a new virtualization cluster. The cluster consists of five virtual hosts, which each have flash and spinning disks. This storage is shared among all the virtual hosts, where a virtual machine running on one host may store data on another host.

This is an example of:

  • A . a storage area network
  • B . a network file system
  • C . hyperconverged storage
  • D . thick-provisioned disks

Correct Answer: C

Explanation:

Hyperconverged storage is a type of storage architecture that combines compute, storage, and network resources into a single system or appliance. Hyperconverged storage uses software-defined storage (SDS) to pool and share the local storage of each node in the cluster, creating a distributed storage system that can be accessed by any node or virtual machine in the cluster. Hyperconverged storage can provide high performance, scalability, and efficiency for virtualized environments. The scenario of building a new virtualization cluster with five virtual hosts that share their flash and spinning disks among all the virtual hosts is an example of hyperconverged storage.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 9, section 1.4

Question #9

A company is utilizing a private cloud solution that is hosted within its datacenter.

The company wants to launch a new business application, which requires the resources below:

The current private cloud has 30 vCPUs and 512GB RAM available. The company is looking for a quick solution to launch this application, with expected maximum sessions to be close to 24,000 at launch and an average of approximately 5,000 sessions.

Which of the following solutions would help the company accommodate the new workload in the SHORTEST amount of time and with the maximum financial benefits?

  • A . Configure auto-scaling within the private cloud
  • B . Set up cloud bursting for the additional resources
  • C . Migrate all workloads to a public cloud provider
  • D . Add more capacity to the private cloud

Correct Answer: B

Explanation:

Cloud Bursting can be used for both compute and storage. This question is about compute capability. "Compute Bursting" unleashes the high-performance compute capabilities of the cloud for processing locally created datasets.

Reference: https://www.ctera.com/it-initiatives/cloud-bursting/

Reference: https://azure.microsoft.com/en-us/overview/what-is-cloud-bursting/

Question #10

A systems administrator recently upgraded the processors in a web application host. Upon the next login, the administrator sees a new alert regarding the license being out of compliance.

Which of the following licensing models is the application MOST likely using?

  • A . Per device
  • B . Per user
  • C . Core-based
  • D . Volume-based

Correct Answer: C

Explanation:

Core-based licensing is a type of licensing model that charges based on the number of processor cores in a system or server. Core-based licensing is often used by software vendors to align their pricing with the performance and capacity of modern hardware. Core-based licensing can also enable customers to optimize their licensing costs by choosing the appropriate hardware configuration for their needs. Upgrading the processors in a web application host can affect the core-based licensing of the application, as it may increase the number of cores that need to be licensed. This can result in an alert regarding the license being out of compliance if the license is not updated accordingly.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 20, section 4.2

Reference: https://download.microsoft.com/download/3/d/4/3d42bdc2-6725-4b29-b75a-a5b04179958b/percorelicensing_definitions_vlbrief.pdf

Question #11

A systems administrator is informed that a database server containing PHI and PII is unencrypted. The environment does not support VM encryption, nor does it have a key management system. The server needs to be able to be rebooted for patching without manual intervention.

Which of the following will BEST resolve this issue?

  • A . Ensure all database queries are encrypted
  • B . Create an IPSec tunnel between the database server and its clients
  • C . Enable protocol encryption between the storage and the hypervisor
  • D . Enable volume encryption on the storage
  • E . Enable OS encryption

Correct Answer: D

Explanation:

Volume encryption is a type of encryption that protects data at the storage level by encrypting an entire disk or partition. Volume encryption can provide strong security for data at rest, as it prevents unauthorized access to the data even if the storage device is lost, stolen, or compromised. Volume encryption can also support automatic booting without manual intervention, as it can use a pre-boot authentication mechanism that does not require user input. Enabling volume encryption on the storage is the best way to resolve the issue of having an unencrypted database server containing PHI and PII, as it can protect the sensitive data without relying on VM encryption or a key management system.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 14, section 2.7

Question #12

An OS administrator is reporting slow storage throughput on a few VMs in a private IaaS cloud. Performance graphs on the host show no increase in CPU or memory. However, performance graphs on the storage show a decrease of throughput in both IOPS and MBps but not much increase in latency. There is no increase in workload, and latency is stable on the NFS storage arrays that are used by those VMs.

Which of the following should be verified NEXT?

  • A . Application
  • B . SAN
  • C . VM GPU settings
  • D . Network

Correct Answer: D

Explanation:

The network is the set of devices, connections, protocols, and configurations that enable communication and data transfer between different systems and applications. The network can affect the performance of storage throughput by influencing factors such as bandwidth, latency, jitter, packet loss, and congestion. Poor network performance can result in low storage throughput in both IOPS and MBps, as it can limit the amount and speed of data that can be sent or received by the storage devices. Verifying the network should be the next step for troubleshooting the issue of slow storage throughput on a few VMs in a private IaaS cloud, as it can help identify and resolve any network-related problems that may be causing the issue.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 17, section 3.4

Question #13

An organization has multiple VLANs configured to segregate the network traffic.

Following is the breakdown of the network segmentation:

✑ Production traffic (10.10.0.0/24)

✑ Network backup (10.20.0.0/25)

✑ Virtual IP network (10.20.0.128/25)

The following configuration exists on the server:

The backup administrator observes that the weekly backup is failing for this server.

Which of the following commands should the administrator run to identify the issue?

  • A . ROUTE PRINT
  • B . NETSTAT -A
  • C . IPCONFIG /ALL
  • D . NET SM

Correct Answer: A

Explanation:

ROUTE PRINT is a command that displays the routing table of a system, which shows the destination network, the gateway, the interface, and the metric for each route. ROUTE PRINT can help identify the issue of the weekly backup failing for this server, as it can show if there is a valid route to the network backup segment (10.20.0.0/25) from the production traffic segment (10.10.0.0/24). If there is no route or an incorrect route, the backup will fail to reach the destination. The administrator can use ROUTE PRINT to verify and troubleshoot the routing configuration of the server.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 16, section 3.2

Reference: https://www.toolbox.com/tech/operating-systems/blogs/using-the-route-print-command-in-windows-7-022310/

Question #14

A systems administrator is configuring RAID for a new server. This server will host files for users and replicate to an identical server. While redundancy is necessary, the most important need is to maximize storage.

Which of the following RAID types should the administrator choose?

  • A . 5
  • B . 6
  • C . 10
  • D . 50

Correct Answer: C

Explanation:

RAID 50 is a type of RAID level that combines RAID 5 and RAID 0 to create a nested RAID configuration. RAID 50 consists of two or more RAID 5 arrays that are striped together using RAID 0. RAID 50 can provide redundancy, fault tolerance, and high performance for large data sets. RAID 50 can also maximize storage, as it has a higher usable capacity than other RAID levels with similar features, such as RAID 6 or RAID 10. The administrator should choose RAID 50 to configure a new server that will host files for users and replicate to an identical server, as it can meet the needs of redundancy and storage maximization.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 9, section 1.4

Question #15

Which of the following will mitigate the risk of users who have access to an instance modifying the system configurations?

  • A . Implement whole-disk encryption
  • B . Deploy the latest OS patches
  • C . Deploy an anti-malware solution
  • D . Implement mandatory access control

Correct Answer: D

Explanation:

Mandatory access control (MAC) is a type of access control model that enforces strict security policies based on predefined rules and labels. MAC assigns security labels to subjects (users or processes) and objects (files or resources) and allows access only if the subject has the appropriate clearance and need-to-know for the object. MAC can mitigate the risk of users who have access to an instance modifying the system configurations, as it can prevent unauthorized or accidental changes to critical files or settings by restricting access based on predefined rules and labels.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 14, section 2.7

Question #16

A systems administrator recently deployed a VDI solution in a cloud environment; however, users are now experiencing poor rendering performance when trying to display 3-D content on their virtual desktops, especially at peak times.

Which of the following actions will MOST likely solve this issue?

  • A . Update the guest graphics drivers from the official repository
  • B . Add more vGPU licenses to the host
  • C . Instruct users to access virtual workstations only on the VLAN
  • D . Select vGPU profiles with higher video RAM

Correct Answer: D

Explanation:

A vGPU profile is a configuration option that defines the amount of video RAM (vRAM) and other resources that are allocated to a virtual machine (VM) that uses a virtual graphics processing unit (vGPU). A vGPU profile can affect the rendering performance of a VM, as it determines how much graphics memory and processing power are available for displaying complex graphics content.

Selecting vGPU profiles with higher video RAM can most likely solve the issue of poor rendering performance when trying to display 3-D content on virtual desktops, especially at peak times, as it can provide more graphics resources and improve the quality and speed of rendering.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 11, section 1.6

Question #17

An organization purchased new servers with GPUs for render farms. The servers have limited CPU resources.

Which of the following GPU configurations will be the MOST optimal for virtualizing this environment?

  • A . Dedicated
  • B . Shared
  • C . Passthrough
  • D . vGPU

Correct Answer: C

Explanation:

Passthrough is a type of GPU configuration that allows a VM to directly access a physical GPU on the host system without any virtualization layer or sharing mechanism. Passthrough can provide optimal performance and compatibility for GPU-intensive applications, such as rendering or gaming, as it eliminates any overhead or contention caused by virtualization or sharing. Passthrough is also suitable for servers with limited CPU resources, as it reduces the CPU load and offloads the graphics processing to the GPU. Passthrough is the most optimal GPU configuration for virtualizing a new server with GPUs for render farms.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 11, section 1.6

Question #18

A systems administrator needs to configure a set of policies to protect the data to comply with mandatory regulations.

Which of the following should the administrator implement to ensure DLP efficiently prevents the exposure of sensitive data in a cloud environment?

  • A . Integrity
  • B . Versioning
  • C . Classification
  • D . Segmentation

Correct Answer: C

Explanation:

Classification is a process of assigning labels or categories to data based on its sensitivity, value, or risk level. Classification can help implement data loss prevention (DLP) policies by identifying which data needs to be protected and how to protect it according to its classification level. Classification can also help comply with mandatory regulations by ensuring that data is handled and stored appropriately based on its legal or contractual requirements. Classification is essential for DLP to efficiently prevent the exposure of sensitive data in a cloud environment.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 14, section 2.7

Question #19

A systems administrator wants to have near-real-time information on the volume of data being exchanged between an application server and its clients on the Internet.

Which of the following should the systems administrator implement to achieve this objective?

  • A . A stateful firewall
  • B . DLP
  • C . DNSSEC
  • D . Network flows

Correct Answer: D

Explanation:

Network flows are records of network traffic that capture information such as source and destination IP addresses, ports, protocols, timestamps, and byte and packet counts. Network flows can provide near-real-time information on the volume of data being exchanged between a system and its clients on the Internet, as they can measure and monitor the amount and rate of network traffic for each connection or session. Network flows can also help analyze network performance, troubleshoot network issues, and detect network anomalies or security incidents. A systems administrator should implement network flows to achieve the objective of having near-real-time information on the volume of data being exchanged between an application server and its clients on the Internet.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 16, section 3.2

Question #20

A company needs to rehost its ERP system to complete a datacenter migration to the public cloud.

The company has already migrated other systems and configured VPN connections.

Which of the following MOST likely needs to be analyzed before rehosting the ERP?

  • A . Software
  • B . Licensing
  • C . Right-sizing
  • D . The network

Correct Answer: D

Explanation:

The network is the set of devices, connections, protocols, and configurations that enable communication and data transfer between different systems and applications. The network can affect the rehosting of an ERP system to complete a datacenter migration to the public cloud, as it can influence factors such as bandwidth, latency, availability, security, and compatibility. The network needs to be analyzed before rehosting the ERP system to ensure that the network requirements and specifications are met, the network performance and reliability are maintained or improved, and the network security and integrity are preserved or enhanced.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 18, section 3.5

Question #21

A company wants to check its infrastructure and application for security issues regularly.

Which of the following should the company implement?

  • A . Performance testing
  • B . Penetration testing
  • C . Vulnerability testing
  • D . Regression testing

Correct Answer: C

Explanation:

Vulnerability testing is a type of testing that identifies and evaluates the weaknesses or flaws in a system or application that could be exploited by attackers. Vulnerability testing can help check the infrastructure and application for security issues regularly, as it can reveal the potential risks and exposures that may compromise the confidentiality, integrity, or availability of the system or application. Vulnerability testing can also help remediate or mitigate the vulnerabilities by providing recommendations or solutions to fix or reduce them.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 19, section 4.1

Reference: https://pure.security/services/technical-assurance/external-penetration-testing/

Question #22

A company that utilizes an IaaS service provider has contracted with a vendor to perform a penetration test on its environment. The vendor is able to exploit the virtualization layer and obtain access to other instances within the cloud provider’s environment that do not belong to the company.

Which of the following BEST describes this attack?

  • A . VM escape
  • B . Directory traversal
  • C . Buffer overflow
  • D . Heap spraying

Correct Answer: A

Explanation:

VM escape is a type of attack that allows an attacker to break out of a virtual machine (VM) and access the host system or other VMs within the same cloud provider’s environment. VM escape can exploit the vulnerabilities in the virtualization layer or hypervisor that separates and isolates the VMs from each other and from the host system. VM escape can result in serious consequences, such as compromising the security and privacy of other customers’ data or resources, gaining unauthorized access to the cloud provider’s infrastructure or services, or launching further attacks on other systems or networks. VM escape best describes the attack that was performed by a vendor who was able to exploit the virtualization layer and obtain access to other instances within the cloud provider’s environment that do not belong to the company.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 19, section 4.1

Reference: https://whatis.techtarget.com/definition/virtual-machine-escape

Question #23

A systems administrator would like to reduce the network delay between two servers.

Which of the following will reduce the network delay without taxing other system resources?

  • A . Decrease the MTU size on both servers
  • B . Adjust the CPU resources on both servers
  • C . Enable compression between the servers
  • D . Configure a VPN tunnel between the servers

Correct Answer: A

Explanation:

The maximum transmission unit (MTU) is the largest size of a packet or frame that can be sent over a network. Decreasing the MTU size on both servers can reduce the network delay between them, as it can reduce the fragmentation and reassembly of packets, improve the transmission efficiency, and avoid packet loss or errors. Decreasing the MTU size can also avoid taxing other system resources, as it does not require additional CPU, memory, or disk resources.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 16, section 3.2

Reference: https://cseweb.ucsd.edu/~calder/papers/HPDC-01-DynComp.pdf

Question #24

An administrator is performing an in-place upgrade on a guest VM operating system.

Which of the following can be performed as a quick method to roll back to an earlier state, if necessary?

  • A . A configuration file backup
  • B . A full backup of the database
  • C . A differential backup
  • D . A VM-level snapshot

Correct Answer: D

Explanation:

A VM-level snapshot is a point-in-time copy of the state and data of a virtual machine (VM). A VM-level snapshot can be used as a quick method to roll back to an earlier state, if necessary, as it can restore the VM to the exact condition it was in when the snapshot was taken. A VM-level snapshot can be useful for performing an in-place upgrade on a guest VM operating system, as it can allow the administrator to revert to the previous operating system version in case of any issues or errors.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 10, section 1.5

Reference: https://cloud.google.com/compute/docs/tutorials/performing-in-place-upgrade-windows-server

Question #25

After analyzing a web server’s logs, a systems administrator sees that users are connecting to the company’s application through HTTP instead of HTTPS. The administrator then configures a redirect from HTTP to HTTPS on the web server, and the application responds with a connection time-out message.

Which of the following should the administrator verify NEXT?

  • A . The TLS certificate
  • B . The firewall rules
  • C . The concurrent connection limit
  • D . The folder permissions

Correct Answer: B

Explanation:

The firewall rules are the set of policies that define which traffic is allowed or denied between different network segments or devices. The firewall rules can affect the redirect from HTTP to HTTPS on the web server, as they can block or allow traffic based on ports and protocols. If the firewall rules are not configured properly to allow HTTPS traffic on port 443, the application may respond with a connection time-out message. The administrator should verify the firewall rules next to ensure that HTTPS traffic is permitted between the web server and its clients.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 15, section 2.8

Question #26

A systems administrator is configuring a storage array.

Which of the following should the administrator configure to set up mirroring on this array?

  • A . RAID 0
  • B . RAID 1
  • C . RAID 5
  • D . RAID 6

Correct Answer: B

Explanation:

RAID 1 is a type of RAID level that creates an exact copy or mirror of data on two or more disks. RAID 1 can provide redundancy and fault tolerance, as it can survive the failure of one disk without losing any data. RAID 1 can also improve read performance, as it can access data from multiple disks simultaneously. The administrator should configure RAID 1 to set up mirroring on a storage array.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 9, section 1.4

Question #27

A company has developed a cloud-ready application. Before deployment, an administrator needs to select a deployment technology that provides a high level of portability and is lightweight in terms of footprint and resource requirements.

Which of the following solutions will be BEST to help the administrator achieve the requirements?

  • A . Containers
  • B . Infrastructure as code
  • C . Desktop virtualization
  • D . Virtual machines

Correct Answer: A

Explanation:

Containers are a type of deployment technology that packages an application and its dependencies into a lightweight and portable unit that can run on any platform or environment. Containers can provide a high level of portability and are lightweight in terms of footprint and resource requirements, as they do not need a full operating system or hypervisor to run. Containers can also enable faster and easier deployment, scaling, and management of cloud-based applications. Containers are the best solution to help the administrator achieve the requirements for deploying a cloud-ready application.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 11, section 1.6

Reference: https://blog.netapp.com/blogs/containers-vs-vms/

Question #28

A global web-hosting company is concerned about the availability of its platform during an upcoming event. Web traffic is forecasted to increase substantially during the next week. The site contains mainly static content.

Which of the following solutions will assist with the increased workload?

  • A . DoH
  • B . WAF
  • C . IPS
  • D . CDN

Correct Answer: D

Explanation:

A content delivery network (CDN) is a distributed network of servers that delivers web content to users based on their geographic location, origin server, and content delivery server. A CDN can assist with the increased workload caused by sudden continuous bursts of traffic, as it can reduce the load on the origin server by caching and serving static content from edge servers closer to the users. A CDN can also improve the performance and availability of web content delivery, as it can reduce latency, bandwidth consumption, and network congestion.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 12, section 2.2

Reference: https://www.globaldots.com/content-delivery-network-explained

Question #29

An organization is hosting a cloud-based web server infrastructure that provides web-hosting solutions. Sudden continuous bursts of traffic have caused the web servers to saturate CPU and network utilizations.

Which of the following should be implemented to prevent such disruptive traffic from reaching the web servers?

  • A . Solutions to perform NAC and DLP
  • B . DDoS protection
  • C . QoS on the network
  • D . A solution to achieve microsegmentation

Correct Answer: B

Explanation:

Distributed denial-of-service (DDoS) protection is a type of security solution that detects and mitigates DDoS attacks that aim to overwhelm or disrupt a system or service by sending large volumes of traffic from multiple sources. DDoS protection can prevent such disruptive traffic from reaching the web servers by filtering out malicious or unwanted traffic and allowing only legitimate traffic to pass through. DDoS protection can also help maintain the availability and functionality of web services and applications during a DDoS attack.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 14, section 2.7

Reference: https://blog.paessler.com/the-top-5-causes-of-sudden-network-spikes

Question #30

A developer is no longer able to access a public cloud API deployment, which was working ten minutes prior.

Which of the following is MOST likely the cause?

  • A . API provider rate limiting
  • B . Invalid API token
  • C . Depleted network bandwidth
  • D . Invalid API request

Correct Answer: A

Explanation:

API provider rate limiting is a restriction on the number of requests that can be made to a web service or application programming interface (API) within a certain time period. API provider rate limiting can cause a failure to access a public cloud API deployment, as it can reject or block any requests that exceed the limit. API provider rate limiting can be used by cloud providers to control the usage and traffic of their customers and prevent overloading or abuse of their resources. API provider rate limiting is the most likely cause for the developer being unable to access a public cloud API deployment that was working ten minutes prior.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 13, section 2.5

Question #31

An organization is implementing a new requirement to facilitate users with faster downloads of corporate application content. At the same time, the organization is also expanding cloud regions.

Which of the following would be suitable to optimize the network for this requirement?

  • A . Implement CDN for overall cloud application
  • B . Implement auto-scaling of the compute resources
  • C . Implement SR-IOV on the server instances
  • D . Implement an application container solution

Correct Answer: C

Explanation:

Reference: https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/13/html/network_functions_virtualization_planning_and_configuration_guide/part-sriov-nfv-configuration

Question #32

Which of the following cloud deployment models allows a company to have full control over its IT infrastructure?

  • A . Private
  • B . Cloud within a cloud
  • C . Hybrid
  • D . Public

Correct Answer: A

Explanation:

A private cloud is a type of cloud deployment model that provides cloud services exclusively to a single organization or tenant. A private cloud allows a company to have full control over its IT infrastructure, as it can customize, configure, manage, and secure its own cloud environment according to its specific needs and preferences. A private cloud can also offer higher performance, reliability, and privacy than other cloud deployment models, as it does not share resources or data with other customers.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 8, section 1.2

Reference: https://www.sciencedirect.com/topics/computer-science/private-cloud

Question #33

A cloud administrator is designing a multiregion network within an IaaS provider.

The business requirements for configuring the network are as follows:

✑ Use private networking in and between the multisites for data replication.

✑ Use low latency to avoid performance issues.

Which of the following solutions should the network administrator use within the IaaS provider to connect multiregions?

  • A . Peering
  • B . Gateways
  • C . VPN
  • D . Hub and spoke

Correct Answer: A

Explanation:

Peering is a type of network connection that allows two or more networks to exchange traffic directly without using an intermediary or a third-party service. Peering can help connect multiregions within an IaaS provider, as it can enable private networking in and between the multisites for data replication. Peering can also provide low latency, as it can reduce the number of hops and distance between the networks. Peering is the best solution for designing a multiregion network within an IaaS provider to support business requirements.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 15, section 2.8

Question #34

A company has decided to get multiple compliance and security certifications for its public cloud environment. However, the company has few staff members to handle the extra workload, and it has limited knowledge of the current infrastructure.

Which of the following will help the company meet the compliance requirements as quickly as possible?

  • A . DLP
  • B . CASB
  • C . FIM
  • D . NAC

Correct Answer: B

Explanation:

A cloud access security broker (CASB) is a type of security solution that acts as a gateway between cloud service users and cloud service providers. A CASB can help a company get multiple compliance and security certifications for its public cloud environment, as it can provide visibility, control, and protection for cloud data and applications. A CASB can also help the company handle the extra workload and overcome the limited knowledge of the current infrastructure, as it can automate and simplify the enforcement of security policies and compliance requirements across multiple cloud services.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 14, section 2.7

Question #35

The human resources department was charged for a cloud service that belongs to another department. All other cloud costs seem to be correct.

Which of the following is the MOST likely cause for this error?

  • A . Misconfigured templates
  • B . Misconfigured chargeback
  • C . Incorrect security groups
  • D . Misconfigured tags

Correct Answer: D

Explanation:

Tags are metadata or labels that can be assigned to cloud resources or services to identify and organize them based on various criteria, such as name, purpose, owner, or cost center. Tags can help track the costs for each business unit or department that uses cloud services, as they can enable granular and accurate billing and reporting based on the tags. Misconfigured tags can cause the issue of inaccurate cost tracking for different businesses, as they can result in incorrect or missing billing information or reports. The issue can be resolved by configuring the tags properly to reflect the correct business unit or department for each cloud resource or service.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 13, section 2.5

Question #36

A cloud administrator has finished setting up an application that will use RDP to connect. During testing, users experience a connection timeout error.

Which of the following will MOST likely solve the issue?

  • A . Checking user passwords
  • B . Configuring QoS rules
  • C . Enforcing TLS authentication
  • D . Opening TCP port 3389

Correct Answer: D

Explanation:

TCP port 3389 is the default port used by Remote Desktop Protocol (RDP) to connect to a remote system or application over a network. Opening TCP port 3389 on the firewall or network device will most likely solve the issue of users experiencing a connection timeout error when trying to use RDP to connect to an application, as it will allow RDP traffic to pass through. If TCP port 3389 is closed or blocked, RDP traffic will be denied or dropped, resulting in a connection timeout error.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 15, section 2.8

Reference: https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/troubleshoot/rdp-error-general-troubleshooting

Question #37

A company has a cloud infrastructure service, and the cloud architect needs to set up a DR site.

Which of the following should be configured in between the cloud environment and the DR site?

  • A . Failback
  • B . Playbook
  • C . Zoning
  • D . Replication

Correct Answer: D

Explanation:

Replication is a process of copying or synchronizing data from one location to another to ensure consistency and availability. Replication can help set up a disaster recovery (DR) site for a cloud environment, as it can enable data backup and recovery in case of a failure or outage in the primary site. Replication can also improve performance and reliability, as it can reduce latency and load by distributing data across multiple sites. Replication should be configured between the cloud environment and the DR site to ensure data protection and continuity.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 10, section 1.5

Question #38

A systems administrator notices that a piece of networking equipment is about to reach its end of support.

Which of the following actions should the administrator recommend?

  • A . Update the firmware
  • B . Migrate the equipment to the cloud
  • C . Update the OS
  • D . Replace the equipment

Correct Answer: D

Explanation:

Replacing the equipment is the best action to take when a piece of networking equipment is about to reach its end of support. End of support means that the vendor or manufacturer will no longer provide technical assistance, updates, patches, or fixes for the equipment, which can affect its functionality, performance, security, and compatibility. Replacing the equipment with a newer model that has ongoing support can prevent any issues or risks associated with using outdated equipment.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 18, section 3.5

Question #39

An organization has two businesses that are developing different software products. They are using a single cloud provider with multiple IaaS instances. The organization identifies that the tracking of costs for each business is inaccurate.

Which of the following is the BEST method for resolving this issue?

  • A . Perform segregation of the VLAN and capture egress and ingress values of each network interface
  • B . Tag each server with a dedicated cost and sum them based on the businesses
  • C . Split the total monthly invoice equally between the businesses
  • D . Create a dedicated subscription for the businesses to manage the costs

Correct Answer: B

Explanation:

Tagging each server with a dedicated cost and summing them based on the businesses is the best method for resolving the issue of inaccurate cost tracking for different businesses that use multiple IaaS instances within a single cloud provider. Tagging can help identify and organize the servers based on various criteria, such as name, purpose, owner, or cost center. Tagging can also enable granular and accurate billing and reporting based on the tags. Summing the costs based on the businesses can help allocate and distribute the costs correctly and fairly among the different businesses.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 13, section 2.5

Question #40

A systems administrator disabled TLS 1.0 and 1.1, as well as RC4, 3DES, and AES-128 ciphers for TLS 1.2, on a web server. A client now reports being unable to access the web server, but the administrator verifies that the server is online, the web service is running, and other users can reach the server as well.

Which of the following should the administrator recommend the user do FIRST?

  • A . Disable antivirus/anti-malware software
  • B . Turn off the software firewall
  • C . Establish a VPN tunnel between the computer and the web server
  • D . Update the web browser to the latest version

Correct Answer: D

Explanation:

Updating the web browser to the latest version is the first action that the user should do when experiencing a connection timeout error after the administrator configured a redirect from HTTP to HTTPS on the web server. Updating the web browser can ensure that it supports the latest security protocols and standards, such as TLS 1.2 or 1.3, which are required for HTTPS connections. If the web browser is outdated or incompatible with the security protocols or standards used by the web server, it may fail to establish a secure connection and result in a connection timeout error.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 15, section 2.8

Question #41

An organization is running a database application on a SATA disk, and a customer is experiencing slow performance most of the time.

Which of the following should be implemented to improve application performance?

  • A . Increase disk capacity
  • B . Increase the memory and network bandwidth
  • C . Upgrade the application
  • D . Upgrade the environment and use SSD drives

Correct Answer: D

Explanation:

Upgrading the environment and using solid state drives (SSDs) can improve application performance for a database application that is running on a serial advanced technology attachment (SATA) disk and experiencing slow performance most of the time. Upgrading the environment can involve updating or replacing the hardware, software, or network components that support the application to enhance their functionality, capacity, or compatibility. Using SSDs can provide faster and more reliable data access and storage than SATA disks, as they use flash memory instead of spinning disks to store data. SSDs can also reduce latency, power consumption, and heat generation.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 9, section 1.4

Question #42

A company is switching from one cloud provider to another and needs to complete the migration as quickly as possible.

Which of the following is the MOST important consideration to ensure a seamless migration?

  • A . The cost of the environment
  • B . The I/O of the storage
  • C . Feature compatibility
  • D . Network utilization

Correct Answer: C

Explanation:

Feature compatibility is the degree to which the features or functionalities of a system or application are compatible or interoperable with another system or application. Feature compatibility is the most important consideration to ensure a seamless migration from one cloud provider to another, as it can affect the performance, reliability, and security of the system or application in the new cloud environment. Feature compatibility can also help complete the migration as quickly as possible, as it can reduce or eliminate the need for reconfiguration, customization, or testing of the system or application after the migration.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 18, section 3.5

Question #43

A company wants to implement business continuity, and the cloud solution architect needs to design the correct solution.

Which of the following will provide the data to measure business continuity? (Choose two.)

  • A . A service-level agreement
  • B . Automation scripts
  • C . Playbooks
  • D . A network diagram
  • E . A backup and restore
  • F . A recovery time objective

Correct Answer: AF

Explanation:

A service-level agreement (SLA) is a contract or document that defines the level of service and performance expected from a service provider or vendor. A recovery time objective (RTO) is a metric that specifies the maximum acceptable time for restoring a system or service after a disruption or outage. Both SLA and RTO can provide the data to measure business continuity, as they can indicate the availability, reliability, and recoverability of a system or service in case of a failure or disaster. SLA and RTO can also help evaluate the effectiveness and efficiency of the business continuity plan and solution.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 20, section 4.2

Question #44

A company recently subscribed to a SaaS collaboration service for its business users. The company also has an on-premises collaboration solution and would like users to have a seamless experience regardless of the collaboration solution being used.

Which of the following should the administrator implement?

  • A . LDAP
  • B . WAF
  • C . VDI
  • D . SSO

Correct Answer: D

Explanation:

Single sign-on (SSO) is a type of authentication mechanism that allows users to access multiple systems or applications with a single login credential. SSO can help users have a seamless experience regardless of the collaboration solution being used, as it can eliminate the need for multiple logins and passwords for different systems or applications. SSO can also improve user convenience, productivity, and security, as it can simplify the login process, reduce login errors, and enhance password management.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 14, section 2.7

Question #45

A systems administrator has migrated an internal application to a public cloud. The new web server is running under a TLS connection and has the same TLS certificate as the internal application that is deployed. However, the IT department reports that only internal users who are using new versions of the OSs are able to load the application home page.

Which of the following is the MOST likely cause of the issue?

  • A . The local firewall from older OSs is not allowing outbound connections
  • B . The local firewall from older OSs is not allowing inbound connections
  • C . The cloud web server is using a self-signed certificate that is not supported by older browsers
  • D . The cloud web server is using strong ciphers that are not supported by older browsers

Correct Answer: D

Explanation:

Ciphers are algorithms or methods that are used to encrypt and decrypt data for secure communication. Strong ciphers are ciphers that use high-level encryption techniques and keys to provide stronger security and protection for data. The cloud web server using strong ciphers that are not supported by older browsers is the most likely reason that only internal users who are using new versions of the OSs are able to load the application home page after the administrator configured a redirect from HTTP to HTTPS on the web server. Older browsers may not support the strong ciphers used by the cloud web server for HTTPS connections, which can result in a failure to establish a secure connection and load the application home page.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 15, section 2.8

Question #46

A cloud administrator recently noticed that a number of files stored at a SaaS provider’s file-sharing service were deleted. As part of the root cause analysis, the administrator noticed the parent folder permissions were modified last week. The administrator then used a test user account and determined the permissions on the files allowed everyone to have write access.

Which of the following is the best step for the administrator to take NEXT?

  • A . Identify the changes to the file-sharing service and document
  • B . Acquire a third-party DLP solution to implement and manage access
  • C . Test the current access permissions to the file-sharing service
  • D . Define and configure the proper permissions for the file-sharing service

Correct Answer: D

Explanation:

Permissions are rules or settings that determine what actions users can perform on files or resources in a system or service. Permissions can help control and restrict access to files or resources based on various criteria, such as user identity, role, group, or ownership. Defining and configuring the proper permissions for the file-sharing service is the best step for the administrator to take next after discovering that sales group members can access the financial application due to being part of the finance group and having write access to all files in the file-sharing service. Defining and configuring the proper permissions can prevent unauthorized or accidental access or modification of files or resources by limiting or granting access based on specific criteria.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 14, section 2.7

Question #47

A systems administrator is provisioning VMs in a cloud environment and has been told to select an OS build with the furthest end-of-life date.

Which of the following OS builds would be BEST for the systems administrator to use?

  • A . Open-source
  • B . LTS
  • C . Canary
  • D . Beta
  • E . Stable

Correct Answer: B

Explanation:

Long-term support (LTS) is a type of release cycle that provides extended support and maintenance for software products or operating systems. LTS releases typically have longer end-of-life dates than regular releases, as they receive security updates, bug fixes, and patches for several years after their initial release date. LTS releases can also offer higher stability, reliability, and compatibility than regular releases, as they undergo more testing and quality assurance processes before being released. LTS is the best OS build for a systems administrator to use when provisioning VMs in a cloud environment and being told to select an OS build with the furthest end-of-life date.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 11, section 1.6

Question #48

A systems administrator is deploying a new storage array for backups. The array provides 1PB of raw disk space and uses 14TB nearline SAS drives. The solution must tolerate at least two failed drives in a single RAID set.

Which of the following RAID levels satisfies this requirement?

  • A . RAID 0
  • B . RAID 1
  • C . RAID 5
  • D . RAID 6
  • E . RAID 10

Correct Answer: D

Explanation:

RAID 6 is a type of RAID level that uses block-level striping with two parity blocks distributed across all member disks. RAID 6 can provide redundancy and fault tolerance, as it can survive the failure of up to two disks without losing any data. RAID 6 can also support large data sets and high-capacity disks, as it can offer more usable space and better performance than other RAID levels with similar features, such as RAID 5 or RAID 10. RAID 6 is the best RAID level for a systems administrator to use when deploying a new storage array for backups that provides 1PB of raw disk space and uses 14TB nearline SAS drives and must tolerate at least two failed drives in a single RAID set.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 9, section 1.4

Question #49

A cloud administrator is reviewing the authentication and authorization mechanism implemented within the cloud environment. Upon review, the administrator discovers the sales group is part of the finance group, and the sales team members can access the financial application. Single sign-on is also implemented, which makes access much easier.

Which of the following access control rules should be changed?

  • A . Discretionary-based
  • B . Attribute-based
  • C . Mandatory-based
  • D . Role-based

Correct Answer: D

Explanation:

Role-based access control (RBAC) is a type of access control model that assigns permissions and privileges to users based on their roles or functions within an organization or system. RBAC can help simplify and streamline the management and enforcement of access policies, as it can reduce the complexity and redundancy of assigning permissions to individual users or groups. RBAC can also help improve security and compliance, as it can limit or grant access based on the principle of least privilege and the separation of duties. RBAC is the best access control rule to change when the sales group is part of the finance group and the sales team members can access the financial application due to a single sign-on mechanism being implem

Reference: https://www.ekransystem.com/en/blog/rbac-vs-abac
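
The nested-group problem in Question #49, as an added example that is not part of the original page: a Python audit that expands group nesting transitively and reports any group whose effective access exceeds the intended role policy. The group names, application names and policy tables are constructed for illustration.

```python
from collections import deque

# Constructed sample data modelling the scenario in Question #49.
# Key: group name; value: the groups it is a direct member of.
GROUP_MEMBER_OF = {
    "sales": {"finance"},        # the misconfiguration: sales nested inside finance
    "finance": {"all-staff"},
    "engineering": {"all-staff"},
    "all-staff": set(),
}

# Role assignments: which group is directly granted which application.
APP_GRANTS = {
    "financial-app": {"finance"},
    "crm": {"sales"},
    "intranet": {"all-staff"},
}

# Intended policy (least privilege / separation of duties):
# the groups that are supposed to reach each application.
INTENDED_ACCESS = {
    "financial-app": {"finance"},
    "crm": {"sales"},
    "intranet": {"sales", "finance", "engineering", "all-staff"},
}


def effective_groups(group, member_of):
    """Return the group plus every group it belongs to transitively.

    Breadth-first walk with a 'seen' set, so circular nesting terminates.
    """
    seen = {group}
    queue = deque([group])
    while queue:
        current = queue.popleft()
        for parent in member_of.get(current, ()):
            if parent not in seen:
                seen.add(parent)
                queue.append(parent)
    return seen


def effective_access(member_of, grants):
    """Map each app to the groups that reach it directly or through nesting."""
    access = {app: set() for app in grants}
    for group in member_of:
        reach = effective_groups(group, member_of)
        for app, granted in grants.items():
            if reach & granted:
                access[app].add(group)
    return access


def find_violations(member_of, grants, intended):
    """Return sorted (group, app, via) tuples where access exceeds the policy.

    'via' lists the granted group(s) through which the access is inherited.
    """
    violations = []
    for app, groups in effective_access(member_of, grants).items():
        for group in groups - intended.get(app, set()):
            via = sorted(effective_groups(group, member_of) & grants[app])
            violations.append((group, app, via))
    return sorted(violations)


if __name__ == "__main__":
    for group, app, via in find_violations(
        GROUP_MEMBER_OF, APP_GRANTS, INTENDED_ACCESS
    ):
        print(f"{group} can reach {app} via membership in {', '.join(via)}")
```

Single sign-on does not appear in the check because it only removes the login prompt; the access itself comes from the role nesting, which is what the audit flags.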

Question #50

A systems administrator needs to configure SSO authentication in a hybrid cloud environment.

Which of the following is the BEST technique to use?

  • A . Access controls
  • B . Federation
  • C . Multifactor authentication
  • D . Certificate authentication

Correct Answer: B

Explanation:

Federation is a type of authentication mechanism that allows users to access multiple systems or applications across different domains or organizations with a single login credential. Federation can help configure SSO authentication in a hybrid cloud environment, as it can enable seamless and secure access to cloud-based and on-premises resources using the same identity provider and authentication method. Federation can also improve user convenience, productivity, and security, as it can simplify the login process, reduce login errors, and enhance password management.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 14, section 2.7

Question #51

A cloud architect is designing the VPCs for a new hybrid cloud deployment.

The business requires the following:

✑ High availability

✑ Horizontal auto-scaling

✑ 60 nodes peak capacity per region

✑ Five reserved network IP addresses per subnet

✑ /24 range

Which of the following would BEST meet the above requirements?

  • A . Create two /25 subnets in different regions
  • B . Create three /25 subnets in different regions
  • C . Create two /26 subnets in different regions
  • D . Create three /26 subnets in different regions
  • E . Create two /27 subnets in different regions
  • F . Create three /27 subnets in different regions

Correct Answer: C

Explanation:

A /26 subnet is a subnet that has a network prefix of 26 bits and a host prefix of 6 bits. A /26 subnet can support up to 64 hosts (62 usable hosts) and has a subnet mask of 255.255.255.192. Creating two /26 subnets in different regions can best meet the business requirements for deploying a high availability, horizontally auto-scaling solution that has a peak capacity of 60 nodes per region and five reserved network IP addresses per subnet. Creating two /26 subnets can provide enough host addresses for the peak capacity and the reserved addresses, as well as allow for some growth or redundancy. Creating the subnets in different regions can provide high availability and horizontal auto-scaling, as it can distribute the workload across multiple locations and scale out or in based on demand.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 15, section 2.8

Question #52

In an existing IaaS instance, it is required to deploy a single application that has different versions.

Which of the following should be recommended to meet this requirement?

  • A . Deploy using containers
  • B . Install a Type 2 hypervisor
  • C . Enable SR-IOV on the host
  • D . Create snapshots

Correct Answer: A

Explanation:

Containers are a type of deployment technology that packages an application and its dependencies into a lightweight and portable unit that can run on any platform or environment. Containers can help deploy a single application that has different versions in an existing IaaS instance, as they can isolate and run multiple versions of the same application without any conflicts or interference. Containers can also enable faster and easier deployment, scaling, and management of cloud-based applications.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 11, section 1.6

Question #53

A media company has made the decision to migrate a physical, internal file server to the cloud and use a web-based interface to access and manage the files. The users must be able to use their current corporate logins.

Which of the following is the MOST efficient way to achieve this goal?

  • A . Deploy a VM in a cloud, attach storage, and copy the files across
  • B . Use a SaaS service with a directory service federation
  • C . Deploy a fileshare in a public cloud and copy the files across
  • D . Copy the files to the object storage location in a public cloud

Correct Answer: B

Explanation:

Software as a service (SaaS) is a type of cloud service model that provides software applications over the Internet that are hosted and managed by a cloud service provider. Directory service federation is a type of authentication mechanism that allows users to access multiple systems or applications across different domains or organizations with a single login credential. Using a SaaS service with a directory service federation can help migrate an internal file server to the cloud and use a web-based interface to access and manage the files, as it can eliminate the need for maintaining an on-premises file server and enable seamless and secure access to cloud-based files using the same corporate logins.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 8, section 1.2

Question #54

A systems administrator for an e-commerce company will be migrating the company’s main website to a cloud provider. The principal requirement is that the website must be highly available.

Which of the following will BEST address this requirement?

  • A . Vertical scaling
  • B . A server cluster
  • C . Redundant switches
  • D . A next-generation firewall

Correct Answer: B

Explanation:

A server cluster is a group of servers that work together to provide high availability, load balancing, and scalability for applications or services. A server cluster can help ensure the high availability requirement for migrating an e-commerce company’s main website to a cloud provider, as it can prevent downtime or disruption in case of a server failure or outage by automatically switching the workload to another server in the cluster. A server cluster can also improve performance and reliability, as it can distribute the workload across multiple servers and handle increased traffic or demand.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 10, section 1.5

Question #55

An organization is required to set a custom registry key on the guest operating system.

Which of the following should the organization implement to facilitate this requirement?

  • A . A configuration management solution
  • B . A log and event monitoring solution
  • C . A file integrity check solution
  • D . An operating system ACL

Correct Answer: A

Explanation:

A configuration management solution is a type of tool or system that automates and standardizes the configuration and deployment of cloud resources or services according to predefined policies or rules. A configuration management solution can help set a custom registry key on the guest operating system in an IaaS instance, as it can apply the desired registry setting to one or more virtual machines (VMs) without manual intervention or scripting. A configuration management solution can also help maintain consistency, compliance, and security of cloud configurations by monitoring and enforcing the desired state.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 13, section 2.5

Question #56

A systems administrator is deploying a GPU-accelerated VDI solution. Upon requests from several users, the administrator installs an older version of the OS on their virtual workstations. The majority of the VMs run the latest LTS version of the OS.

Which of the following types of drivers will MOST likely ensure compatibility with all virtual workstations?

  • A . Alternative community drivers
  • B . Legacy drivers
  • C . The latest drivers from the vendor’s website
  • D . The drivers from the OS repository

Correct Answer: D

Explanation:

The drivers from the OS repository are the drivers that are included or available in the official software repository or package manager of the operating system. The drivers from the OS repository are most likely to ensure compatibility with all virtual workstations that use a GPU-accelerated VDI solution, as they are tested and verified to work with different versions of the operating system and the hardware. The drivers from the OS repository can also provide stability and security, as they are regularly updated and patched by the operating system vendor or community.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 11, section 1.6

Question #57

A cloud engineer is responsible for managing two cloud environments from different MSPs. The security department would like to inspect all traffic from the two cloud environments.

Which of the following network topology solutions should the cloud engineer implement to reduce long-term maintenance?

  • A . Chain
  • B . Star
  • C . Mesh
  • D . Hub and spoke

Correct Answer: D

Explanation:

Hub and spoke is a type of network topology that consists of a central node or device (hub) that connects to multiple peripheral nodes or devices (spokes). Hub and spoke can help reduce long-term maintenance for managing two cloud environments from different MSPs, as it can simplify and centralize the network configuration and management by using the hub as a single point of contact and control for the spokes. Hub and spoke can also improve network performance and security, as it can reduce latency, bandwidth consumption, and network congestion by routing traffic through the hub.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 15, section 2.8

Question #58

Which of the following is relevant to capacity planning in a SaaS environment?

  • A . Licensing
  • B . A hypervisor
  • C . Clustering
  • D . Scalability

Correct Answer: D

Explanation:

Scalability is the ability of a system or service to handle increased workload or demand by adding or removing resources or capacity as needed. Scalability is relevant to capacity planning in a SaaS environment, as it can affect the performance, availability, and cost of the SaaS service. Scalability can help optimize the capacity planning process by ensuring that the SaaS service has enough resources or capacity to meet the current and future needs of the customers without wasting or underutilizing resources or capacity.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 12, section 2.2

Question #59

A cloud administrator is setting up a DR site on a different zone of the same CSP. The application servers are replicated using the VM replication, and the database replication is set up using log shipping. Upon testing the DR site, the application servers are unable to access the database servers. The administrator has verified the systems are running and are accessible from the CSP portal.

Which of the following should the administrator do to fix this issue?

  • A . Change the database application IP
  • B . Create a database cluster between the primary site and the DR site
  • C . Update the connection string
  • D . Edit the DNS record at the DR site for the application servers

Correct Answer: C

Explanation:

A connection string is a parameter that specifies how to connect to a database server or instance. A connection string typically includes information such as the server name, database name, user name, password, and other options. Updating the connection string is the best way to fix the issue of application servers being unable to access the database servers after setting up a DR site on a different zone of the same CSP and replicating the application and database servers using VM replication and log shipping. Updating the connection string can ensure that the application servers can connect to the correct database server or instance in the DR site, as the server name or IP address may have changed after the replication.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 10, section 1.5

Question #60

A company has deployed a new cloud solution and is required to meet security compliance.

Which of the following will MOST likely be executed in the cloud solution to meet security requirements?

  • A . Performance testing
  • B . Regression testing
  • C . Vulnerability testing
  • D . Usability testing

Correct Answer: C

Explanation:

Vulnerability testing is a type of security testing that identifies and evaluates the weaknesses or flaws in a system or service that could be exploited by attackers. Vulnerability testing can help meet security compliance requirements when deploying a new cloud solution, as it can reveal any potential security risks or gaps in the cloud environment and provide recommendations for remediation or mitigation. Vulnerability testing can also help improve security posture and performance, as it can prevent or reduce the impact of cyberattacks, data breaches, or service disruptions.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 14, section 2.7

Question #61

A cloud administrator is switching hosting companies and using the same script that was previously used to deploy VMs in the new cloud. The script is returning errors that the command was not found.

Which of the following is the MOST likely cause of the script failure?

  • A . Account mismatches
  • B . IP address changes
  • C . API version incompatibility
  • D . Server name changes

Correct Answer: C

Explanation:

An application programming interface (API) is a set of rules or protocols that defines how different systems or applications can communicate or interact with each other. An API version is a specific iteration or release of an API that may have different features or functionalities than previous or subsequent versions. API version incompatibility is the most likely cause of the script failure when switching hosting companies and using the same script that was previously used to deploy VMs in the new cloud, as it can result in errors or failures when trying to execute commands or functions that are not supported or recognized by the new cloud provider’s API version. The issue can be resolved by updating or modifying the script to match the new cloud provider’s API version.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 13, section 2.5

Question #62

A systems administrator needs to configure monitoring for a private cloud environment. The administrator has decided to use SNMP for this task.

Which of the following ports should the administrator open on the monitoring server’s firewall?

  • A . 53
  • B . 123
  • C . 139
  • D . 161

Correct Answer: D

Explanation:

Port 161 is the default port used by Simple Network Management Protocol (SNMP) to communicate with network devices and collect information about their status, performance, configuration, and events. Opening port 161 on the monitoring server’s firewall will allow SNMP traffic to pass through and enable monitoring for a private cloud environment. If port 161 is closed or blocked, SNMP traffic will be denied or dropped, resulting in a failure to monitor the network devices.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 15, section 2.8

Question #63

An organization has the following requirements that need to be met when implementing cloud services:

✑ SSO to cloud infrastructure

✑ On-premises directory service

✑ RBAC for IT staff

Which of the following cloud models would meet these requirements?

  • A . Public
  • B . Community
  • C . Hybrid
  • D . Multitenant

Correct Answer: C

Explanation:

A hybrid cloud is a type of cloud deployment model that combines two or more different types of clouds, such as public, private, or community clouds, into a single integrated environment. A hybrid cloud can meet the requirements for implementing cloud services with SSO to cloud infrastructure, on-premises directory service, and RBAC for IT staff, as it can provide flexibility, scalability, and security for cloud-based and on-premises resources. A hybrid cloud can also enable seamless and secure access to cloud infrastructure using SSO with directory service federation, as well as granular and consistent control over IT staff permissions using RBAC across different cloud environments.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 8, section 1.2

Question #64

A cloud administrator is reviewing a new application implementation document. The administrator needs to make sure all the known bugs and fixes are applied, and unwanted ports and services are disabled.

Which of the following techniques would BEST help the administrator assess these business requirements?

  • A . Performance testing
  • B . Usability testing
  • C . Vulnerability testing
  • D . Regression testing

Correct Answer: D

Explanation:

Regression testing is a type of software testing that verifies that existing features or functionalities of a system or application are not affected by any changes or updates made to it. Regression testing can help assess whether all the known bugs and fixes are applied and unwanted ports and services are disabled when reviewing a new application implementation document for a cloud deployment, as it can detect any errors or defects that may have been introduced or re-introduced after applying patches, updates, or configurations to the application.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 19, section 4.1

Question #65

A cloud administrator needs to implement a mechanism to monitor the expense of the company’s cloud resources.

Which of the following is the BEST option to execute this task with minimal effort?

  • A . Ask the cloud provider to send a daily expense report
  • B . Set custom notifications for exceeding budget thresholds
  • C . Use the API to collect expense information from cloud resources
  • D . Implement a financial tool to monitor cloud resource expenses

Correct Answer: B

Explanation:

Setting custom notifications for exceeding budget thresholds is the best option to execute the task of monitoring the expense of the company’s cloud resources with minimal effort, as it can automate and simplify the process of tracking and alerting the cloud administrator about any overspending or wastage of cloud resources. Setting custom notifications can also help optimize the cost and performance of cloud resources, as it can enable timely and proactive actions to adjust or optimize the resource allocation or consumption based on the budget limits.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 13, section 2.5

Question #66

An organization’s web server farm, which is hosted in the cloud with DNS load balancing, is experiencing a spike in network traffic. This has caused an outage of the organization’s web server infrastructure.

Which of the following should be implemented to prevent this in the future as a mitigation method?

  • A . Enable DLP
  • B . Configure microsegmentation
  • C . Enable DNSSEC
  • D . Deploy a vADC appliance

Correct Answer: D

Explanation:

A virtual application delivery controller (vADC) is a type of network device or software that provides load balancing, security, and optimization for web applications or services. Deploying a vADC appliance can help prevent an outage of the organization’s web server infrastructure due to a spike in network traffic, as it can distribute the traffic across multiple web servers and improve the performance and availability of web applications or services. Deploying a vADC appliance can also provide mitigation methods such as DDoS protection, SSL offloading, and caching to enhance the security and efficiency of web traffic delivery.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 15, section 2.8

Question #67

A systems administrator is reviewing two CPU models for a cloud deployment. Both CPUs have the same number of cores/threads and run at the same clock speed.

Which of the following will BEST identify the CPU with more computational power?

  • A . Simultaneous multithreading
  • B . Bus speed
  • C . L3 cache
  • D . Instructions per cycle

Correct Answer: D

Explanation:

Instructions per cycle (IPC) is a metric that measures how many instructions a CPU can execute in one clock cycle. IPC can help identify the CPU with more computational power when comparing two CPU models that have the same number of cores/threads and run at the same clock speed, as it indicates the efficiency and performance of the CPU architecture and design. A higher IPC means that the CPU can process more instructions in less time, resulting in faster and better performance.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 9, section 1.4

Reference: https://en.wikipedia.org/wiki/Central_processing_unit

Question #68

A cloud administrator is building a new VM for a network security appliance. The security appliance installer says the CPU clock speed does not meet the requirements.

Which of the following will MOST likely solve the issue?

  • A . Move the VM to a host with a faster CPU
  • B . Add more vCPUs to the VM
  • C . Enable CPU masking on the VM
  • D . Enable hyperthreading on the virtual host

Correct Answer: A

Explanation:

Moving the VM to a host with a faster CPU is the best way to solve the issue of the security appliance installer saying the CPU clock speed does not meet the requirements when building a new VM for a network security appliance. Moving the VM to a host with a faster CPU can ensure that the VM meets the minimum CPU clock speed requirement for the security appliance, as it can use the physical CPU resources of the host. Moving the VM to a host with a faster CPU can also improve the performance and reliability of the security appliance, as it can reduce latency, contention, and overhead.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 11, section 1.6

Question #69

An organization will be deploying a web application in a public cloud with two web servers, two database servers, and a load balancer that is accessible over a single public IP.

Taking into account the gateway for this subnet and the potential to add two more web servers, which of the following will meet the minimum IP requirement?

  • A . 192.168.1.0/26
  • B . 192.168.1.0/27
  • C . 192.168.1.0/28
  • D . 192.168.1.0/29

Correct Answer: C

Explanation:

A /28 subnet is a subnet that has a network prefix of 28 bits and a host prefix of 4 bits. A /28 subnet can support up to 16 hosts (14 usable hosts) and has a subnet mask of 255.255.255.240. Using a /28 subnet can meet the minimum IP requirement for deploying a web application in a public cloud with two web servers, two database servers, and a load balancer that is accessible over a single public IP, taking into account the gateway for this subnet and the potential to add two more web servers.

Using a /28 subnet can provide enough host addresses for the current and future web servers, database servers, load balancer, and gateway, as well as allow for some growth or redundancy.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 15, section 2.8

Question #70

A cloud administrator checked out the deployment scripts used to deploy the sandbox environment to a public cloud provider. The administrator modified the script to add an application load balancer in front of the web-based front-end application. The administrator next used the script to recreate a new sandbox environment successfully, and the application was then using the new load balancer.

The following week, a new update was required to add more front-end servers to the sandbox environment. A second administrator made the necessary changes and checked out the deployment scripts. The second administrator then ran the script, but the application load balancer was missing from the new deployment.

Which of the following is the MOST likely reason for this issue?

  • A . The license limit on the number of server deployments allowed per month was exceeded
  • B . The deployment script changes made by the first administrator were not checked in and committed
  • C . The new server images were incompatible with the application load-balancer configuration
  • D . The application load balancer exceeded the maximum number of servers it could use

Correct Answer: B

Explanation:

Checking in and committing are actions that save and update the changes made to a file or code in a version control system or repository. Checking in and committing can help track and synchronize the changes made by different users or developers working on the same file or code. The most likely reason the application load balancer was missing from the new deployment, after a second administrator made some changes and ran the script, is that the deployment script changes made by the first administrator were not checked in and committed. If the first administrator did not check in and commit the changes made to add an application load balancer to the script, then those changes would not be reflected or available in the latest version of the script used by the second administrator.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 13, section 2.5

Question #71

A systems administrator is using VMs to deploy a new solution that contains a number of application VMs.

Which of the following would provide high availability to the application environment in case of hypervisor failure?

  • A . Anti-affinity rules
  • B . Cold migration
  • C . Live migration
  • D . Affinity rules

Correct Answer: A

Explanation:

Anti-affinity rules are rules or policies that prevent two or more VMs from running on the same host or cluster in a cloud environment. Anti-affinity rules can provide high availability to an application environment in case of hypervisor failure, as they can distribute or separate the application VMs across different hosts or clusters and avoid having a single point of failure. Anti-affinity rules can also improve performance and reliability, as they can reduce contention and load by balancing the resource utilization across multiple hosts or clusters.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 10, section 1.5

Reference: https://www.vmware.com/products/vsphere/high-availability.html

Question #72

A company just successfully completed a DR test and is ready to shut down its DR site and resume normal operations.

Which of the following actions should the cloud administrator take FIRST?

  • A . Initiate a failover
  • B . Restore backups
  • C . Configure the network
  • D . Perform a failback

Correct Answer: D

Explanation:

A failback is a process of restoring or returning a system or service to its original state or location after a failure or disaster recovery event. Performing a failback is the first action that a cloud administrator should take after successfully completing a DR test and being ready to shut down its DR site and resume normal operations, as it can ensure that all data and configurations are synchronized and consistent between the primary site and the DR site before switching back to the primary site. Performing a failback can also help minimize downtime or disruption, as it can verify that all systems or services are functioning properly before resuming normal operations.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 10, section 1.5

Question #73

A cloud administrator has built a new private cloud environment and needs to monitor all computer, storage, and network components of the environment.

Which of the following protocols would be MOST useful for this task?

  • A . SMTP
  • B . SCP
  • C . SNMP
  • D . SFTP

Correct Answer: C

Explanation:

Simple Network Management Protocol (SNMP) is a protocol that enables monitoring and managing network devices and components in an IP network. SNMP can help monitor all computer, storage, and network components of a private cloud environment, as it can collect and report information about their status, performance, configuration, and events. SNMP can also help troubleshoot and optimize the private cloud environment, as it can detect and alert any issues or anomalies related to the network devices and components.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 15, section 2.8

Question #74

Company A has acquired Company B and is in the process of integrating their cloud resources.

Company B needs access to Company A’s cloud resources while retaining its IAM solution.

Which of the following should be implemented?

  • A . Multifactor authentication
  • B . Single sign-on
  • C . Identity federation
  • D . Directory service

Correct Answer: C

Explanation:

Identity federation is a type of authentication mechanism that allows users to access multiple systems or applications across different domains or organizations with a single login credential. Identity federation can help integrate the cloud resources of Company A and Company B after Company A has acquired Company B, as it can enable seamless and secure access to both companies’ cloud resources using the same IAM solution. Identity federation can also improve user convenience, productivity, and security, as it can simplify the login process, reduce login errors, and enhance password management.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 14, section 2.7

Reference: https://medium.com/@dinika.15/identity-federation-a-brief-introduction-f2f823f8795a

Question #75

After accidentally uploading a password for an IAM user in plain text, which of the following should a cloud administrator do FIRST? (Choose two.)

  • A . Identify the resources that are accessible to the affected IAM user
  • B . Remove the published plain-text password
  • C . Notify users that a data breach has occurred
  • D . Change the affected IAM user’s password
  • E . Delete the affected IAM user

Correct Answer: BD

Explanation:

Removing the published plain-text password and changing the affected IAM user’s password are the first actions that a cloud administrator should take after accidentally uploading a password for an IAM user in plain text, as they can prevent or limit any unauthorized or malicious access to the cloud resources or services using the compromised password. Removing the published plain-text password can ensure that the password is not exposed or available to anyone who may access or view the uploaded file. Changing the affected IAM user’s password can ensure that the password is updated and secured using encryption or hashing techniques.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 14, section 2.7

Question #76

A cloud administrator is planning to migrate a globally accessed application to the cloud.

Which of the following should the cloud administrator implement to BEST reduce latency for all users?

  • A . Regions
  • B . Auto-scaling
  • C . Clustering
  • D . Cloud bursting

Correct Answer: A

Explanation:

Regions are geographical locations or areas where cloud service providers have data centers or facilities that host their cloud resources or services. Regions can help reduce latency for all users when deploying a globally accessed application to the cloud, as they can enable faster and closer access to the cloud resources or services based on the user’s physical location. Regions can also improve performance and availability, as they can provide redundancy and load balancing by distributing the workload across multiple locations.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 15, section 2.8

Question #77

A systems administrator is troubleshooting performance issues with a Windows VDI environment. Users have reported that VDI performance has been slow since the images were upgraded from Windows 7 to Windows 10.

This VDI environment is used to run simple tasks, such as Microsoft Office.

The administrator investigates the virtual machines and finds the following settings:

✑ 4 vCPU

✑ 16GB RAM

✑ 10Gb networking

✑ 256MB frame buffer

Which of the following MOST likely needs to be upgraded?

  • A . vRAM
  • B . vCPU
  • C . vGPU
  • D . vNIC

Correct Answer: C

Explanation:

A virtual graphics processing unit (vGPU) is a type of hardware or software that enables a VM to use the physical GPU resources of the host or server for graphics-intensive tasks. Upgrading the vGPU is most likely to solve the issue of VDI performance being slow since the images were upgraded from Windows 7 to Windows 10, as it can provide more graphics processing power and memory for the VMs. Upgrading the vGPU can also improve the user experience and productivity, as it can enhance the display quality and responsiveness of the VDI environment.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 11, section 1.6

Question #78

A SAN that holds VM files is running out of storage space.

Which of the following will BEST increase the amount of effective storage on the SAN?

  • A . Enable encryption
  • B . Increase IOPS
  • C . Convert the SAN from RAID 50 to RAID 60
  • D . Configure deduplication

Correct Answer: D

Explanation:

Deduplication is a type of data compression technique that eliminates redundant or duplicate data blocks or segments in a storage system or device. Configuring deduplication can help increase the amount of effective storage on a SAN that holds VM files and is running out of storage space, as it can reduce the storage space consumption and increase the storage space utilization by storing only unique data blocks or segments. Configuring deduplication can also improve performance and efficiency, as it can speed up data transfer and backup processes and save network bandwidth and power consumption.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 9, section 1.4

Question #79

A storage array that is used exclusively for datastores is being decommissioned, and a new array has been installed. Now the private cloud administrator needs to migrate the data.

Which of the following migration methods would be the BEST to use?

  • A . Conduct a V2V migration
  • B . Perform a storage live migration
  • C . Rsync the data between arrays
  • D . Use a storage vendor migration appliance

Correct Answer: B

Explanation:

A storage live migration is a process of moving or transferring data or files from one storage system or device to another without interrupting or affecting the availability or performance of the VMs or applications that use them. Performing a storage live migration can help migrate the data from a SAN that is being decommissioned to a new array, as it can ensure that there is no downtime or disruption for the VMs or applications that rely on the data or files stored on the SAN. Performing a storage live migration can also help maintain consistency and integrity, as it can synchronize and verify the data or files between the source and destination storage systems or devices.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 10, section 1.5

Question #80

A company developed a product using a cloud provider’s PaaS platform and many of the platform-based components within the application environment.

Which of the following would the company MOST likely be concerned about when utilizing a multicloud strategy or migrating to another cloud provider?

  • A . Licensing
  • B . Authentication providers
  • C . Service-level agreement
  • D . Vendor lock-in

Correct Answer: D

Explanation:

Vendor lock-in is a situation where a customer becomes dependent on a specific vendor for products or services and faces high switching costs or barriers when trying to change vendors. Vendor lock-in is most likely to be a concern for a company that developed a product using a cloud provider’s PaaS platform and many of the platform-based components within the application environment when utilizing a multicloud strategy or migrating to another cloud provider, as it can limit the flexibility, scalability, and portability of the product and increase the complexity, risk, and cost of moving or integrating with other cloud platforms or providers.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 8, section 1.2

Question #81

An IaaS provider has numerous devices and services that are commissioned and decommissioned automatically on an ongoing basis. The cloud administrator needs to implement a solution that will help reduce administrative overhead.

Which of the following will accomplish this task?

  • A . IPAM
  • B . NAC
  • C . NTP
  • D . DNS

Correct Answer: A

Explanation:

IP address management (IPAM) is a type of tool or system that automates and standardizes the allocation, tracking, and management of IP addresses in an IP network. IPAM can help reduce administrative overhead for an IaaS provider that has numerous devices and services that are commissioned and decommissioned automatically on an ongoing basis, as it can simplify and centralize the process of assigning and reclaiming IP addresses for different devices and services without manual intervention or errors. IPAM can also help optimize network performance and security, as it can monitor and report any issues or conflicts related to IP addresses.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 15, section 2.8

Reference: https://www.infoblox.com/glossary/ipam-ip-address-management/

Question #82

A systems administrator needs to configure an email client to ensure data integrity of the email messages.

Which of the following provides the BEST mechanism to achieve this goal?

  • A . Cyclic redundancy check
  • B . SHA-1 hashes
  • C . SHA-256 hashes
  • D . Digital signature

Correct Answer: D

Explanation:

A digital signature is a type of cryptographic technique that verifies the authenticity, integrity, and non-repudiation of an electronic message or document. A digital signature can help configure an email client to ensure data integrity of the email messages, as it can prove that the email message has not been altered or tampered with during transmission by using a mathematical algorithm to generate a unique code (signature) based on the content and identity of the sender. A digital signature can also help prevent spoofing, phishing, or impersonation attacks, as it can confirm that the email message originates from a legitimate source.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 14, section 2.7

Reference: https://www.fsl.cs.sunysb.edu/docs/integrity-storagess05/integrity.html

Question #83

A systems administrator is troubleshooting network throughput issues following a deployment. The network is currently being overwhelmed by the amount of traffic between the database and the web servers in the environment.

Which of the following should the administrator do to resolve this issue?

  • A . Set up affinity rules to keep web and database servers on the same hypervisor
  • B . Enable jumbo frames on the gateway
  • C . Move the web and database servers onto the same VXLAN
  • D . Move the servers onto thick-provisioned storage

Correct Answer: C

Explanation:

A virtual extensible local area network (VXLAN) is a type of network virtualization technology that creates logical networks or segments that span across multiple physical networks or locations.

Moving the web and database servers onto the same VXLAN can help resolve the network throughput issues following a deployment, as it can reduce the network traffic between the database and the web servers by using a common virtual network identifier (VNI) and encapsulating the traffic within UDP packets. Moving the web and database servers onto the same VXLAN can also improve performance and security, as it can provide higher scalability, isolation, and encryption for the network traffic.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 15, section 2.8

Question #84

Which of the following strategies will mitigate the risk of a zero-day vulnerability MOST efficiently?

  • A . Using only open-source technologies
  • B . Keeping all resources up to date
  • C . Creating a standby environment with a different cloud provider
  • D . Having a detailed incident response plan

Correct Answer: D

Explanation:

An incident response plan is a document or procedure that defines the roles, responsibilities, and actions to be taken in the event of a security incident or breach. Having a detailed incident response plan can help mitigate the risk of a zero-day vulnerability most efficiently, as it can provide a clear and consistent framework for identifying, containing, analyzing, and resolving any potential threats or exploits related to the unknown or unpatched vulnerability. Having a detailed incident response plan can also help minimize the impact and damage of a security incident or breach, as it can enable timely and effective recovery and restoration processes.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 14, section 2.7

Question #85

A systems administrator wants the VMs on the hypervisor to share CPU resources on the same core when feasible.

Which of the following will BEST achieve this goal?

  • A . Configure CPU passthrough
  • B . Oversubscribe CPU resources
  • C . Switch from a Type 1 to a Type 2 hypervisor
  • D . Increase instructions per cycle
  • E . Enable simultaneous multithreading

Correct Answer: E

Explanation:

Simultaneous multithreading (SMT) is a type of CPU technology that allows multiple threads to run concurrently on a single CPU core. Enabling SMT can help achieve the goal of having the VMs on the hypervisor share CPU resources on the same core when feasible, as it can increase the CPU utilization and efficiency by executing more instructions per cycle and reducing idle time or wasted cycles. Enabling SMT can also improve performance and throughput, as it can speed up processing and handle increased workload or demand.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 9, section 1.4

Question #86

An organization is hosting a DNS domain with private and public IP ranges.

Which of the following should be implemented to achieve ease of management?

  • A . Network peering
  • B . A CDN solution
  • C . A SDN solution
  • D . An IPAM solution

Correct Answer: D

Explanation:

An IP address management (IPAM) solution is a type of tool or system that automates and standardizes the allocation, tracking, and management of IP addresses in an IP network. An IPAM solution can help achieve ease of management for hosting a DNS domain with private and public IP ranges, as it can simplify and centralize the process of assigning and updating IP addresses for different DNS records or zones without manual intervention or errors. An IPAM solution can also help optimize DNS performance and security, as it can monitor and report any issues or conflicts related to IP addresses or DNS records.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 15, section 2.8

Reference: https://www.infoblox.com/glossary/ipam-ip-address-management/

Question #87

A systems administrator is creating a playbook to run tasks against a server on a set schedule.

Which of the following authentication techniques should the systems administrator use within the playbook?

  • A . Use the server’s root credentials
  • B . Hard-code the password within the playbook
  • C . Create a service account on the server
  • D . Use the administrator’s SSO credentials

Correct Answer: C

Explanation:

A service account is a type of user account that is created for a specific service or application to run on a server or system. Creating a service account on the server is the best authentication technique to use within the playbook to run tasks against the server on a set schedule, as it can provide secure and consistent access to the server without exposing or hard-coding any sensitive credentials within the playbook. Creating a service account can also help manage and monitor the tasks and activities performed by the service or application on the server.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 14, section 2.7

Question #88

A cloud administrator recently deployed an update to the network drivers of several servers. Following the update, one of the servers no longer responds to remote login requests.

The cloud administrator investigates the issue and gathers the following information:

  • The cloud management console shows the VM is running and the CPU and memory utilization is at or near 0%.
  • The cloud management console does not show an IP address for that server.
  • A DNS lookup shows the hostname resolves to an IP address.
  • The server is a member of the same security group as the others.
  • The cloud administrator is able to log in remotely to the other servers without issue.

Which of the following is the MOST likely cause of the server being unavailable?

  • A . The network driver updates did not apply successfully, and the interface is in a down state.
  • B . The ACL policy for the server was updated as part of the server reboot, preventing login access.
  • C . The server was assigned a new IP address, and DNS entry for the server name was not updated.
  • D . The update caused an increase in the output to the logs, and the server is too busy to respond.

Correct Answer: A

Question #89

A systems administrator in a large enterprise needs to alter the configuration of one of the finance department’s database servers.

Which of the following should the administrator perform FIRST?

  • A . Capacity planning
  • B . Change management
  • C . Backups
  • D . Patching

Correct Answer: B

Explanation:

The SA would do the other three regardless of the need to alter configurations. In this situation, the SA would have to present the change to the CCB in order to do the alteration.

There is no clarification on whether the change management process has been gone through. Any changes, regardless of how small or big, must go through the change management process. This allows proposals to be heard by end-users, management, and possibly stockholders. From there, it will be reviewed and either approved or denied, with reasons specified. From there, the administrator(s) can do whatever processes are necessary.

Change management is a process or procedure that defines the steps, roles, and responsibilities for implementing, documenting, and communicating any changes or updates to a system or service. Change management can help ensure that any changes or updates are done in a controlled and consistent manner, minimizing any risks or impacts to the system or service. Performing change management is the first thing that a systems administrator should do before altering the configuration of one of the finance department’s database servers, as it can ensure that the change request is approved, authorized, tested, and verified before applying it to the database server.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 13, section 2.5

Question #90

A SaaS provider wants to maintain maximum availability for its service.

Which of the following should be implemented to attain the maximum SLA?

  • A . A hot site
  • B . An active-active site
  • C . A warm site
  • D . A cold site

Correct Answer: B

Explanation:

An active-active site is a type of disaster recovery (DR) site that runs simultaneously with the primary site and handles part of the normal workload or traffic. An active-active site can help maintain maximum availability for a SaaS service, as it can provide load balancing, redundancy, and failover capabilities for the SaaS service in case of an outage or disruption at the primary site. An active-active site can also improve performance and scalability, as it can distribute the workload or traffic across multiple sites and handle increased demand or peak periods.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 10, section 1.5

Question #91

An SQL injection vulnerability was reported on a web application, and the cloud platform team needs to mitigate the vulnerability while it is corrected by the development team.

Which of the following controls will BEST mitigate the risk of exploitation?

  • A . DLP
  • B . HIDS
  • C . NAC
  • D . WAF

Correct Answer: D

Explanation:

A web application firewall (WAF) is a type of network security device or software that monitors and filters HTTP traffic between a web application and the Internet. A WAF can help mitigate the risk of exploitation of an SQL injection vulnerability reported on a web application while it is corrected by the development team, as it can detect and block any malicious requests or queries that attempt to inject SQL commands into the web application’s database. A WAF can also help protect the web application from other common web-based attacks, such as cross-site scripting (XSS), remote file inclusion (RFI), or denial-of-service (DoS).

Reference: CompTIA Cloud+ Certification Exam Objectives, page 14, section 2.7

Question #92

A cloud architect wants to minimize the risk of having systems administrators in an IaaS compute instance perform application code changes. The development group should be the only group allowed to modify files in the directory.

Which of the following will accomplish the desired objective?

  • A . Remove the file write permissions for the application service account.
  • B . Restrict the file write permissions to the development group only.
  • C . Add access to the fileshare for the systems administrator’s group.
  • D . Deny access to all development user accounts

Correct Answer: B

Explanation:

File write permissions are permissions that control who can modify or delete files in a directory or system. Restricting the file write permissions to the development group only can help minimize the risk of having systems administrators in an IaaS compute instance perform application code changes, as it can prevent anyone other than the development group from altering or removing any files in the directory where the application code is stored. Restricting the file write permissions can also help maintain consistency and integrity, as it can ensure that only authorized and qualified users can make changes to the application code.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 14, section 2.7

Question #93

A technician is working with an American company that is using cloud services to provide video-based training for its customers. Recently, due to a surge in demand, customers in Europe are experiencing latency.

Which of the following services should the technician deploy to eliminate the latency issue?

  • A . Auto-scaling
  • B . Cloud bursting
  • C . A content delivery network
  • D . A new cloud provider

Correct Answer: C

Explanation:

https://www.cloudflare.com/learning/cdn/what-is-a-cdn/

"A content delivery network (CDN) refers to a geographically distributed group of servers which work together to provide fast delivery of Internet content."

Question #94

A web server has been deployed in a public IaaS provider and has been assigned the public IP address of 72.135.10.100. Users are now reporting that when they browse to the website, they receive a message indicating the service is unavailable.

The cloud administrator logs into the server, runs a netstat command, and notices the following relevant output:

Which of the following actions should the cloud administrator take to resolve the issue?

  • A . Assign a new IP address of 192.168.100.10 to the web server
  • B . Modify the firewall on 72.135.10.100 to allow only UDP
  • C . Configure the WAF to filter requests from 17.3.130.3
  • D . Update the gateway on the web server to use 72.135.10.1

Correct Answer: D

Explanation:

Updating the gateway on the web server to use 72.135.10.1 is the best action to take to resolve the issue of the web server being unavailable after being deployed in a public IaaS provider and assigned the public IP address of 72.135.10.100. Updating the gateway can ensure that the web server can communicate with the Internet and other networks by using the correct router or device that connects the web server’s network to other networks. Updating the gateway can also improve performance and reliability, as it can avoid any routing errors or conflicts that may prevent the web server from responding to remote login requests.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 15, section 2.8

Question #95

The security team for a large corporation is investigating a data breach. The team members are all trying to do the same tasks but are interfering with each other’s work.

Which of the following did the team MOST likely forget to implement?

  • A . Incident type categories
  • B . A calling tree
  • C . Change management
  • D . Roles and responsibilities

Correct Answer: D

Explanation:

Roles and responsibilities are definitions or descriptions of what each team member or stakeholder is expected to do or perform in a project or process. Roles and responsibilities can help clarify the scope, authority, and accountability of each team member or stakeholder and avoid any confusion or duplication of work. The security team most likely forgot to implement roles and responsibilities when investigating a data breach, as they are all trying to do the same tasks but are interfering with each other’s work. Implementing roles and responsibilities can help improve efficiency and effectiveness, as it can ensure that each team member or stakeholder knows what tasks they need to do and how they need to coordinate with others.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 13, section 2.5

Question #96

A systems administrator is deploying a solution that requires a virtual network in a private cloud environment. The solution design requires the virtual network to transport multiple payload types.

Which of the following network virtualization options would BEST satisfy the requirement?

  • A . VXLAN
  • B . STT
  • C . NVGRE
  • D . GENEVE

Correct Answer: D

Explanation:

Generic Network Virtualization Encapsulation (GENEVE) is a type of network virtualization technology that creates logical networks or segments that span across multiple physical networks or locations. GENEVE can satisfy the requirement of transporting multiple payload types in a virtual network in a private cloud environment, as it can support various network protocols and services by using a flexible and extensible header format that can encapsulate different types of payloads within UDP packets. GENEVE can also provide interoperability and compatibility, as it can integrate with existing network virtualization technologies such as VXLAN, STT, or NVGRE.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 15, section 2.8

Question #97

A systems administrator is troubleshooting performance issues with a Windows VDI environment. Users have reported that VDI performance is very slow at the start of the workday, but the performance is fine during the rest of the day.

Which of the following is the MOST likely cause of the issue? (Choose two.)

  • A . Disk I/O limits
  • B . Affinity rule
  • C . CPU oversubscription
  • D . RAM usage
  • E . Insufficient GPU resources
  • F . License issues

Correct Answer: A, C

Explanation:

Disk I/O limits are restrictions or controls that limit the amount of disk input/output operations per second (IOPS) that a VM can perform on a storage device or system. CPU oversubscription is a situation where more CPU resources are allocated to VMs than are physically available on the host or server. Disk I/O limits and CPU oversubscription are most likely to cause VDI performance being very slow at the start of the workday, but fine during the rest of the day, as they can create bottlenecks or contention for disk and CPU resources when multiple users log in or launch their VDI sessions at the same time, resulting in increased latency or reduced throughput for VDI operations.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 9, section 1.4

Question #98

Lateral-moving malware has infected the server infrastructure.

Which of the following network changes would MOST effectively prevent lateral movement in the future?

  • A . Implement DNSSEC in all DNS servers
  • B . Segment the physical network using a VLAN
  • C . Implement microsegmentation on the network
  • D . Implement 802.1X in the network infrastructure

Correct Answer: C

Explanation:

Microsegmentation is a type of network security technique that divides a network into smaller logical segments or zones based on workload or application characteristics and applies granular policies and rules to control and isolate traffic within each segment or zone. Implementing microsegmentation on the network can help prevent lateral movement in the future after lateral-moving malware has infected the server infrastructure, as it can limit the exposure and spread of malware by restricting access and communication between different segments or zones based on predefined criteria such as identity, role, or behavior.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 14, section 2.7

Question #99

An IaaS application has a two-hour RTO and a four-hour RPO. The application takes one hour to back up its data or restore from a local backup file. A systems administrator is tasked with configuring the backup policy.

Which of the following should the administrator configure to achieve the application requirements with the LEAST cost?

  • A . Back up to long-term storage every night
  • B . Back up to object storage every three hours
  • C . Back up to long-term storage every four hours
  • D . Back up to object storage every hour

Correct Answer: B

Explanation:

Object storage is a type of storage service that stores data as objects with unique identifiers and metadata in a flat namespace or structure. Backing up to object storage every three hours can help achieve the application requirements with the least cost for an IaaS application that has a two-hour RTO and a four-hour RPO, as it can provide scalable, durable, and cost-effective storage for backup data while meeting the recovery time and point objectives. Backing up to object storage every three hours can ensure that the backup data is no more than four hours old and can be restored within two hours in case of a disaster or failure.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 9, section 1.4

Question #100

A systems administrator needs to convert ten physical servers to virtual.

Which of the following would be the MOST efficient conversion method for the administrator to use?

  • A . Rebuild the servers from scratch
  • B . Use the vendor’s conversion tool
  • C . Clone the hard drive
  • D . Restore from backup

Correct Answer: B

Explanation:

A vendor’s conversion tool is a type of software or utility that automates and simplifies the process of converting physical servers to virtual machines by capturing the configuration and data of the physical servers and creating virtual disks and files for the virtual machines. Using the vendor’s conversion tool can be the most efficient conversion method for a systems administrator to use to convert ten physical servers to virtual, as it can save time and effort by avoiding manual steps or errors involved in rebuilding, cloning, or restoring the physical servers to virtual machines. Using the vendor’s conversion tool can also ensure compatibility and consistency, as it can match the hardware and software requirements and settings of the physical servers to the virtual machines.

Reference: CompTIA Cloud+ Certification Exam Objectives, page 10, section 1.5
