CompTIA CV0-004 Practice Test - Questions Answers, Page 11

Which of the following communication methods between on-premises and cloud environments would ensure minimal-to-low latency and overhead?

A. Site-to-site VPN
B. Peer-to-peer VPN
C. Direct connection
D. Peering

Suggested answer: C

Explanation:

A direct connection between on-premises and cloud environments involves a dedicated, private connection that does not traverse the public internet. This setup ensures minimal-to-low latency and overhead, providing more consistent network performance and reliability compared to other methods like VPNs or public internet connections, making it suitable for high-volume or latency-sensitive applications.

Which of the following vulnerability management concepts is best defined as the process of discovering vulnerabilities?

A. Scanning
B. Assessment
C. Remediation
D. Identification

Suggested answer: D

Explanation:

In vulnerability management, 'Identification' is the concept best defined as the process of discovering vulnerabilities. This step is crucial as it involves detecting vulnerabilities in systems, software, and networks, which is the first step in the vulnerability management process before moving on to assessment, remediation, and reporting.

HOTSPOT

An e-commerce company is migrating from an on-premises private cloud environment to a public cloud IaaS environment. You are tasked with right-sizing the environment to save costs after the migration. The company's requirements are to provide a 20% overhead above the average resource consumption, rounded up.

INSTRUCTIONS

Review the specifications and graphs showing resource usage for the web and database servers. Determine the average resource usage and select the correct specifications from the available drop-down options.


Question 103
Correct answer: Question 103

A company hosts various containerized applications for business uses. A client reports that one of its routine business applications fails to load the web-based login prompt hosted in the company cloud.

Click on each device and resource. Review the configurations, logs, and characteristics of each node in the architecture to diagnose the issue. Then, make the necessary changes to the WAF configuration to remediate the issue.

A. See the Explanation below for solution

Suggested answer: A

Explanation:

From the image, it's noticeable that some finance application rules are set to 'Block' traffic. If the client's issue is with a finance-related application not loading the login prompt, these rules could be the cause.

The rule with ID 1005, labeled 'Finance application 1', is configured to allow access to 'webapp1' for finance-related paths. However, rule 1006, labeled 'Finance application 2', is set to block access to 'webapp1' for login-related paths.

To remediate the issue based on the WAF configuration you have provided, you would want to:

Ensure that the correct paths to the finance application are allowed through the WAF.

Modify any rules that are incorrectly blocking access to the application.

If the client's problem is specifically with the login prompt, then rule 1006 seems the most likely culprit. Changing the action from 'Block' to 'Allow' for rule 1006 could potentially resolve the client's issue. The rule should be carefully reviewed and updated to ensure legitimate traffic is not being blocked while still protecting against unauthorized access.

A company has decided to scale its e-commerce application from its corporate datacenter to a commercial cloud provider to meet an anticipated increase in demand during an upcoming holiday.

The majority of the application load takes place on the application server under normal conditions. For this reason, the company decides to deploy additional application servers into a commercial cloud provider using the on-premises orchestration engine that installs and configures common software and network configurations.

The remote computing environment is connected to the on-premises datacenter via a site-to-site IPSec tunnel. The external DNS provider has been configured to use weighted round-robin routing to load balance connections from the Internet.

During testing, the company discovers that only 20% of connections completed successfully.

INSTRUCTIONS

Review the network architecture and supporting documents and fulfill these requirements:

Part 1:

Part 2:

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Part 1:

Cloud Hybrid Network Diagram

Part 2:

Only select a maximum of TWO options from the multiple choice question

B) Update the PSK (pre-shared key) in Router2

E) Change the Address Space on Router2

A. See explanation below

Suggested answer: A

Explanation:

Part 1: Router 2

The problematic device is Router 2, which has an incorrect configuration for the IPSec tunnel. The IPSec tunnel is a secure connection between the on-premises datacenter and the cloud provider, which allows the traffic to flow between the two networks. The IPSec tunnel requires both endpoints to have matching parameters, such as the IP addresses, the pre-shared key (PSK), the encryption and authentication algorithms, and the security associations (SAs).

According to the network diagram and the configuration files, Router 2 has a different PSK and a different address space than Router 1. Router 2 has a PSK of "1234567890", while Router 1 has a PSK of "0987654321". Router 2 has an address space of 10.0.0.0/8, while Router 1 has an address space of 192.168.0.0/16. These mismatches prevent the IPSec tunnel from establishing and encrypting the traffic between the two networks.

The other devices do not have any obvious errors in their configuration. The DNS provider has two CNAME records that point to the application servers in the cloud provider, with different weights to balance the load. The firewall rules allow the traffic from and to the application servers on port 80 and port 443, as well as the traffic from and to the VPN server on port 500 and port 4500. The orchestration server has a script that installs and configures the application servers in the cloud provider, using the DHCP server to assign IP addresses.

Part 2:

The correct options to provide adequate configuration for hybrid cloud architecture are:

Update the PSK in Router 2.

Change the address space on Router 2.

These options will fix the IPSec tunnel configuration and allow the traffic to flow between the on-premises datacenter and the cloud provider. The PSK should match the one on Router 1, which is "0987654321". The address space should also match the one on Router 1, which is 192.168.0.0/16.

The QA team is testing a newly implemented clinical trial management (CTM) SaaS application that uses a business intelligence application for reporting. The UAT users were instructed to use HTTP and HTTPS.

Refer to the application dataflow:

1A -- The end user accesses the application through a web browser to enter and view clinical data.

2A -- The CTM application server reads/writes data to/from the database server.

1B -- The end user accesses the application through a web browser to run reports on clinical data.

2B -- The CTM application server makes a SOAP call on a non-privileged port to the BI application server.

3B -- The BI application server gets the data from the database server and presents it to the CTM application server.

When UAT users try to access the application using https://ctm.app.com or http://ctm.app.com, they get a message stating: "Browser cannot display the webpage." The QA team has raised a ticket to troubleshoot the issue.

INSTRUCTIONS

You are a cloud engineer who is tasked with reviewing the firewall rules as well as virtual network settings.

You should ensure the firewall rules are allowing only the traffic based on the dataflow.

You have already verified the external DNS resolution and NAT are working.

Verify and appropriately configure the VLAN assignments and ACLs. Drag and drop the appropriate VLANs to each tier from the VLAN Tags table. Click on each Firewall to change ACLs as needed.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

A. See explanation below

Suggested answer: A

Explanation:

On firewall 3, change the DENY 0.0.0.0 entry to rule 3 not rule 1.

HOTSPOT

A highly regulated business is required to work remotely, and the risk tolerance is very low. You are tasked with providing an identity solution to the company cloud that includes the following:

secure connectivity that minimizes user login

tracks user activity and monitors for anomalous activity

requires secondary authentication

INSTRUCTIONS

Select controls and servers for the proper control points.


Question 107
Correct answer: Question 107

Which of the following cloud-native architecture designs is the most easily maintained, decentralized, and decoupled?

A. Monolithic
B. Hybrid cloud
C. Mainframe
D. Microservices

Suggested answer: D

Explanation:

Microservices architecture is a design approach to build a single application as a suite of small services, each running in its own process and communicating with lightweight mechanisms, often an HTTP resource API. This design is decentralized and each service is fully decoupled, allowing for easier maintenance and scaling. Each microservice is built around a specific business capability and can be deployed independently, unlike monolithic architectures that are typically centralized and less flexible.

Reference: CompTIA Cloud+ Study Guide (Exam CV0-004) - Chapter on Designing a Cloud Environment

An organization's internal security team mandated that public cloud resources must be accessible only by a corporate VPN and not by direct public internet access. Which of the following would achieve this objective?

A. WAF
B. ACL
C. VPC
D. SSH

Suggested answer: C

Explanation:

A Virtual Private Cloud (VPC) allows users to create a secluded section of the public cloud where resources can be launched in a defined virtual network. This enables an organization to have a section of the cloud that is secured and isolated from the public internet, thus, access to public cloud resources can be restricted to only a corporate VPN.

Reference: CompTIA Cloud+ Study Guide (Exam CV0-004) - Chapter on Cloud Security

Which of the following AI/ML technologies consumes text input to discern tone?

A. Text recognition
B. Computer vision
C. Visual recognition
D. Sentiment analysis

Suggested answer: D

Explanation:

Sentiment analysis is an AI/ML technology that processes text to determine the tone. It helps in understanding the sentiments behind the words by analyzing the text input, which can be positive, negative, or neutral.

Reference: CompTIA Cloud+ Study Guide (Exam CV0-004) - Chapter on Cloud Technologies and Applications

Total 224 questions