Last Updated on July 10, 2021 by InfraExam
CV0-002 : CompTIA Cloud+ (CV0-002) : Part 13
An organization just went through a substantial audit, and the top findings were orphaned and inactive privileged accounts. Given the scenario, which of the following would be the BEST method for addressing these findings?
- SSO with federation integration
- ACLs and permissions verification
- Multifactor authentication
- Time-bound, just-in-time account provisioning
A cloud administrator is configuring block-level storage. The storage must be configured to be resistant from faults. Given this scenario, which of the following would aid in establishing fault tolerance with asynchronous redundancy?
- NAS with cloning
- DAS with mirroring
- JBOD with mirroring
- SAN with replication
A cloud administrator needs to give a new developer access to contents in a directory stored in a public cloud provider. Which of the following is the BEST way to do this?
- Add the developer to the role that has access to the directory contents.
- Create a folder for the developer in the public cloud and copy the content to this folder.
- Copy the contents of the folder to the developer’s local computer.
- Temporarily give the administrator’s credentials and reset the password.
A customer has requirements for its application data to be copied into a second location for failover possibilities. Latency should be minimized, while RPO and RTO are over 15 minutes. Which of the following technologies BEST fits the customer’s needs?
- Data mirroring
- Snapshot copies
- Storage cloning
- Asynchronous replication
A cloud administrator for a customer’s environment must ensure the availability of critical applications. The cloud provider hosting the infrastructure lost power, and the environment was down for four hours. Which of the following solutions is MOST suitable for ensuring availability of critical applications?
- Install services at alternate sites.
- Enable HA on the critical infrastructure.
- Move services to a third-party environment.
- Deploy additional services to edge sites.
A company needs to extend its on-premises private cloud to an external cloud provider to meet the needs of additional storage and database services. The cloud architect also needs to implement a technique to meet data-in-transit requirements. Which of the following is the BEST design to meet the company’s needs?
- Analyze and implement a network ACL policy.
- Analyze the requirements and implement an MPLS.
- Analyze and implement a TLS tunnel.
- Analyze and implement site-to-site VPN.
A firm responsible for ticket sales notices its local web servers are unable to handle the traffic, which often causes timeout errors and results in lost revenue. The firm wants to obtain additional cloud-based server resources only during peak times. Due to budget constraints, the firm wants to purchase only the exact amount required during peak times. Which of the following steps should be performed to BEST meet the budget requirement?
- Collect all web server specifications and purchase double the amount of resources from the CSP.
- Analyze web server performance trends to determine what is being used.
- Implement cloud bursting through CSP for web servers.
- Run a network analyzer to monitor web server traffic to determine peak traffic times.
A private cloud administrator needs to configure replication on the storage level for a required RPO of 15 minutes and RTO of one hour. Which of the following replication types would be the BEST to use?
- Cold storage
A company has implemented a change management process that allows standard changes during business hours. The company’s private cloud hardware needs firmware updates and supports rolling upgrades. Which of the following considerations should be given to upgrade firmware and make the change as transparent as possible to users?
- Implement the change as a standard change.
- Notify users before applying the change during the day.
- Fail the application over to perform the upgrade.
- Perform the change during off-hours to minimize the impact on users.
A company’s cloud administrator receives an advisory notice from the CSP. The CSP runs quarterly tests on its platform and customer’s environments. The cloud administrator reads the notice and sees the company’s environment is at risk of buffer over-read exploits. Which of the following tests is the CSP MOST likely running on a quarterly basis?
- Load testing
- Data integrity testing
- Vulnerability testing
- Performance testing
A cloud security analyst recently performed a vulnerability scan on a web application server across all staging environments. The vulnerability scan determines the directory that houses web content is located on the same drive as the operating system. The analyst then attempts to mitigate the vulnerability in all staging environments. The vulnerability scan is performed again and produces the following results:
Website XYZ web content is housed on the C: drive.
Website XYZ web content is housed on the G: drive.
Website XYZ web content is housed on the G: drive.
Given this scenario, which of the following should the test results conclude about the vulnerability?
- The mitigation results were unsuccessful, and the PROD staging environment requires remediation and/or mitigation.
- The mitigation results were unsuccessful, and the DEV staging environment requires remediation and/or mitigation.
- The mitigation results were unsuccessful, and each staging environment requires remediation and/or mitigation.
- The mitigation results were unsuccessful, and the QA staging environment requires remediation and/or mitigation.
A company moved its on-premises applications to several SaaS providers. As a result, the security team is concerned about accounts being compromised. Which of the following should the security tem implement to reduce this risk?
- Multifactor authentication
- Single sign-on
- Role-based access control
- Virtual private network
A company is consuming a SaaS solution with a large user base and wants to minimize user management, but also ensure access is as secure as possible. Which of the following should the cloud administrator select to help meet these requirements? (Choose two.)
A cloud engineer is required to ensure all servers in the cloud environment meet requirements for PCI compliance. One of the requirements is to make certain all administrator logins and commands are logged. Which of the following is the BEST approach to meet these requirements?
- Enable configuration change tracking for all servers in the public cloud provider’s dashboard.
- Enable detailed monitoring for all servers in the public cloud provider’s dashboard.
- Define and enable audit tracking rules on each server in the public cloud environment.
- Modify the cloud provider’s role-based authorization policies to log user session activity.
A financial services company has a requirement to keep backups on premises for 30 days and off-site for up to seven years to a location that is within 100mi (161km) of the primary datacenter location. Recovery times for backups kept on-site have an RTO of one hour, while recovery times for backups kept off-site have an RTO of four hours. Which of the following solutions BEST solves this requirement?
- Implement a full-based backup and recovery solution for backups within 30 days or less. For backups kept longer than 30 days, migrate them to a cloud provider that will host the data within 100mi (161km) of the financial services company’s primary datacenter.
- Implement a clone-based backup and recovery solution for backups within 30 days or less. For backups kept longer than 30 days, migrate them to a cloud provider that will host the data within 100mi (161km) of the financial services company’s primary datacenter.
- Implement an incremental-based backup and recovery solution for backups within 30 days or less. For backups kept longer than 30 days, migrate them to a cloud provider that will host the data within 62mi (100km) of the financial services company’s primary datacenter.
- Implement a snapshot-based backup and recovery solution for backups within 30 days or less. For backups kept longer than 30 days, migrate them to a cloud provider that will host the data within 100mi (161km) of the financial services company’s primary datacenter.
A company is seeking a new backup solution for its virtualized file servers that fits the following characteristics:
The files stored on the servers are extremely large.
Existing files receive multiple small changes per day.
New files are only created once per month.
All backups are being sent to a cloud repository.
Which of the following would BEST minimize backup size?
- Local snapshots
- Real-time backups
- File-based replication
- Change block tracking
A company’s Chief Information Officer (CIO) wants to manage PII by delegating access to sensitive files to the human resources department. The cloud engineer is tasked with selecting and implementing an appropriate technique to achieve the stated objective. Which of the following control methods would be BEST for the cloud engineer to implement?
- Create a group, add users to the group, and apply the appropriate ACL.
- Restrict the access to originate from the home office only.
- Create a shared account for users in the human resources department.
- Implement multifactor authentication for users in the human resources department.
A company hired a consultant to diagnose and report performance issues of an application hosted on an IaaS, three-tier application. The cloud administrator must provision only the access required by the consultant to complete the job. Which of the following resource configurations should be applied to the consultant’s account? (Choose two.)
- Read/write access to the load balancer and its configuration settings
- Administrator account on the resources in that region
- Read/write access to the cloud compute resources
- Read-only access to the server OS logs
- Read-only access to the cloud resource diagnostic logs
- Administrator account in the server OS
Ann, an internal user, has been accessing an internal SaaS solution on a different subnet for the last several months. When Ann tries to connect to the application today, she receives an error stating the resource cannot be found. When checking with her teammates, she discovers some users can access the resource and others cannot. Which of the following tools would be the BEST option to determine where the issue is located?
ipconfig or ifconfig
tracert or traceroute
Which of the following solutions BEST complies with laws requiring secure data-at-rest for a critical application while keeping in mind the need for reduced costs?
- Install a new array with hardware encryption disks.
- Enable encryption on the back-end database.
- Use IPSec on the storage array.
- Enable HTTPS on the application.