Dumps4download providing 100% reliable Exam dumps that are verified by experts panel. Our Dumps4download CV0-003 study material are totally unique and exam questions are valid all over the world. By using our CV0-003 dumps we assure you that you will pass your exam on first attempt. You can easily score more than 97%.
100% exam passing Guarantee on your purchased exams.
100% money back guarantee if you will not clear your exam.
CompTIA CV0-003 Practice Test Helps You Turn Dreams To Reality!
IT Professionals from every sector are looking up certifications to boost their careers. CompTIA being the leader certification provider earns the most demand in the industry.
The CompTIA Certification is your short-cut to an ever-growing success. In the process, Dumps4download is your strongest coordinator, providing you with the best CV0-003 Dumps PDF as well as Online Test Engine. Let’s steer your career to a more stable future with interactive and effective CV0-003 Practice Exam Dumps.
Many of our customers are already excelling in their careers after achieving their goals with our help. You can too be a part of that specialized bunch with a little push in the right direction. Let us help you tread the heights of success.
Apply for the CV0-003 Exam right away so you can get certified by using our CompTIA Dumps.
Bulk Exams Package
2 Exams Files
10% off
2 Different Exams
Latest and Most Up-todate Dumps
Free 3 Months Updates
Exam Passing Guarantee
Secure Payment
Privacy Protection
3 Exams Files
15% off
3 Different Exams
Latest and Most Up-todate Dumps
Free 3 Months Updates
Exam Passing Guarantee
Secure Payment
Privacy Protection
5 Exams Files
20% off
5 Different Exams
Latest and Most Up-todate Dumps
Free 3 Months Updates
Exam Passing Guarantee
Secure Payment
Privacy Protection
10 Exams Files
25% off
10 Different Exams
Latest and Most Up-todate Dumps
Free 3 Months Updates
Exam Passing Guarantee
Secure Payment
Privacy Protection
Dumps4download Leads You To A 100% Success in First Attempt!
Our CV0-003 Dumps PDF is intended to meet the requirements of the most suitable method for exam preparation. We especially hired a team of experts to make sure you get the latest and compliant CV0-003 Practice Test Questions Answers. These questions are been selected according to the most relevance as well as the highest possibility of appearing in the exam. So, you can be sure of your success in the first attempt.
Interactive & Effective CV0-003 Dumps PDF + Online Test Engine
Aside from our CompTIA CV0-003 Dumps PDF, we invest in your best practice through Online Test Engine. They are designed to reflect the actual exam format covering each topic of your exam. Also, with our interactive interface focusing on the exam preparation is easier than ever. With an easy-to-understand, interactive and effective study material assisting you there is nothing that could go wrong. We are 100% sure that our CV0-003 Questions Answers Practice Exam is the best choice you can make to pass the exam with top score.
How Dumps4download Creates Better Opportunities for You!
Dumps4download knows how hard it is for you to beat this tough CompTIA Exam terms and concepts. That is why to ease your preparation we offer the best possible training tactics we know best. Online Test Engine provides you an exam-like environment and PDF helps you take your study guide wherever you are. Best of all, you can download CV0-003 Dumps PDF easily or better print it. For the purpose of getting concepts across as easily as possible, we have used simple language. Adding explanations at the end of the CV0-003 Questions and Answers Practice Test we ensure nothing slips your grasp.
The exam stimulation is 100 times better than any other test material you would encounter. Besides, if you are troubled with anything concerning CompTIA Cloud+ Certification Exam Exam or the CV0-003 Dumps PDF, our 24/7 active team is quick to respond. So, leave us a message and your problem will be solved in a few minutes.
Get an Absolutely Free Demo Today!
Dumps4download offers an absolutely free demo version to test the product with sample features before actually buying it. This shows our concern for your best experience. Once you are thoroughly satisfied with the demo you can get the CompTIA Cloud+ Certification Exam Practice Test Questions instantly.
24/7 Online Support – Anytime, Anywhere
Have a question? You can contact us anytime, anywhere. Our 24/7 Online Support makes sure you have absolutely no problem accessing or using CompTIA Cloud+ Certification Exam Practice Exam Dumps. What’s more, Dumps4download is mobile compatible so you can access the site without having to log in to your Laptop or PC.
Features to use Dumps4download CV0-003 Dumps:
Thousands of satisfied customers.
Good grades are 100% guaranteed.
100% verified by Experts panel.
Up to date exam data.
Dumps4download data is 100% trustworthy.
Passing ratio more than 99%
100% money back guarantee.
CompTIA CV0-003 Frequently Asked Questions
CompTIA CV0-003 Sample Questions
Question # 1
A systems administrator is troubleshooting performance issues with a VDI environment. The
administrator determines the issue is GPU related and then increases the frame buffer on the virtual
machines. Testing confirms the issue is solved, and everything is now working correctly. Which of the
following should the administrator do NEXT?
A. Consult corporate policies to ensure the fix is allowed B. Conduct internal and external research based on the symptoms C. Document the solution and place it in a shared knowledge base D. Establish a plan of action to resolve the issue
Answer: C
Explanation: Documenting the solution and placing it in a shared knowledge base is what the administrator
should do next after troubleshooting performance issues with a VDI (Virtual Desktop Infrastructure)
environment, determining that the issue is GPU (Graphics Processing Unit) related, increasing the
frame buffer on the virtual machines, and testing that confirms that the issue is solved and
everything is now working correctly. Documenting the solution is a process of recording and
describing what was done to fix or resolve an issue, such as actions, steps, methods, etc., as well as
why and how it worked. Placing it in a shared knowledge base is a process of storing and organizing
documented solutions in a central location or repository that can be accessed and used by others.
Documenting the solution and placing it in a shared knowledge base can provide benefits such as:
Learning: Documenting the solution and placing it in a shared knowledge base can help to learn from
past experiences and improve skills and knowledge.
Sharing: Documenting the solution and placing it in a shared knowledge base can help to share
information and insights with others who may face similar issues or situations.
Reusing: Documenting the solution and placing it in a shared knowledge base can help to reuse
existing solutions for future issues or situations.
Question # 2
A disaster situation has occurred, and the entire team needs to be informed about the situation.
Which of the following documents will help the administrator find the details of the relevant team
members for escalation?
A. Chain of custody B. Root cause analysis C. Playbook D. Call tree
Answer: D
Explanation: A call tree is what will help the administrator find the details of the relevant team members for
escalation after a disaster situation has occurred and the entire team needs to be informed about the
situation. A call tree is a document or diagram that shows the hierarchy or sequence of
communication or notification among team members in case of an emergency or incident, such as a
disaster situation. A call tree can help to find the details of the relevant team members for escalation
by providing information such as:
Name: This indicates who is involved in the communication or notification process, such as team
members, managers, stakeholders, etc.
Role: This indicates what is their function or responsibility in the communication or notification
process, such as initiator, receiver, sender, etc.
Contact: This indicates how they can be reached or contacted in the communication or notification
process, such as phone number, email address, etc
Question # 3
An administrator recently provisioned a file server in the cloud. Based on financial considerations,
the administrator has a limited amount of disk space. Which of the following will help control the
amount of space that is being used?
A. Thick provisioning B. Software-defined storage C. User quotas D. Network file system
Answer: C Explanation: User quotas are what will help control the amount of space that is being used by a file server in the
cloud that has a limited amount of disk space due to financial considerations. User quotas are the
limits or restrictions that are imposed on the amount of space that each user can use or consume on
a file server or storage device. User quotas can help to control the amount of space that is being used
by:
Preventing or reducing wastage or overuse of space by users who may store unnecessary or
redundant files or data on the file server or storage device.
Ensuring fair and equal distribution or allocation of space among users who may have different needs
or demands for space on the file server or storage device.
Monitoring and managing the usage or consumption of space by users who may need to be notified
or alerted when they reach or exceed their quota on the file server or storage device.
Question # 4
A company wants to move its environment from on premises to the cloud without vendor lock-in.
Which of the following would BEST meet this requirement?
A. DBaaS B. SaaS C. IaaS D. PaaS
Answer: C
Explanation: IaaS (Infrastructure as a Service) is what would best meet the requirement of moving an
environment from on premises to the cloud without vendor lock-in. Vendor lock-in is a situation
where customers become dependent on or tied to a specific vendor or provider for their products or
services, and face difficulties
Question # 5
A systems administrator is deploying a new cloud application and needs to provision cloud services
with minimal effort. The administrator wants to reduce the tasks required for maintenance, such as
OS patching, VM and volume provisioning, and autoscaling configurations. Which of the following
would be the BEST option to deploy the new application?
A. A VM cluster B. Containers C. OS templates D. Serverless
Answer: D
Explanation: Serverless is what would be the best option to deploy a new cloud application and provision cloud
services with minimal effort while reducing the tasks required for maintenance such as OS patching,
VM and volume provisioning, and autoscaling configurations. Serverless is a cloud service model that
provides customers with a platform to run applications or functions without having to manage or
provision any underlying infrastructure or resources, such as servers, storage, network, OS, etc.
Serverless can provide benefits such as:
Minimal effort: Serverless can reduce the effort required to deploy a new cloud application and
provision cloud services by automating and abstracting away all the infrastructure or resource
management or provisioning tasks from customers, and allowing them to focus only on writing code
or logic for their applications or functions.
Reduced maintenance: Serverless can reduce the tasks required for maintenance by handling all the
infrastructure or resource maintenance tasks for customers, such as OS patching, VM and volume
provisioning, autoscaling configurations, etc., and ensuring that they are always up-to-date and
optimized.
Question # 6
A cloud administrator used a deployment script to recreate a number of servers hosted in a publiccloud
provider_ However, after the script completes, the administrator receives the following error
when attempting to connect to one of the servers Via SSH from the administrators workstation:
CHANGED. Which of the following IS the MOST likely cause of the issue?
A. The DNS records need to be updated B. The cloud provider assigned a new IP address to the server. C. The fingerprint on the server's RSA key is different D. The administrator has not copied the public key to the server.
Answer: C Explanation: This error indicates that the SSH client has detected a change in the server's RSA key, which is used
to authenticate the server and establish a secure connection. The SSH client stores the fingerprints of
the servers it has previously connected to in a file called known_hosts, which is usually located in the
~/.ssh directory. When the SSH client tries to connect to a server, it compares the fingerprint of the
server's RSA key with the one stored in the known_hosts file. If they match, the connection proceeds.
If they do not match, the SSH client warns the user of a possible man-in-the-middle attack or a host
key change, and aborts the connection. The most likely cause of this error is that the deployment script has recreated the server with a new
RSA key, which does not match the one stored in the known_hosts file. This can happen when a
server is reinstalled, cloned, or migrated. To resolve this error, the administrator needs to remove or
update the old fingerprint from the known_hosts file, and accept the new fingerprint when
connecting to the server again. Alternatively, the administrator can use a tool or service that can
synchronize or manage the RSA keys across multiple servers, such as AWS Key Management Service
(AWS KMS) 1, Azure Key Vault 2, or HashiCorp Vault 3.
Question # 7
A company is considering consolidating a number of physical machines into a virtual infrastructure
that will be located at its main office. The company has the following requirements:
High-performance VMs
More secure
Has system independence
Which of the following is the BEST platform for the company to use?
A. Type 1 hypervisor B. Type 2 hypervisor C. Software application virtualization D. Remote dedicated hosting
Answer: A
Explanation: A type 1 hypervisor is what would best meet the requirements of high-performance VMs (Virtual
Machines), more secure, and has system independence for a company that wants to move its
environment from on premises to the cloud without vendor lock-in. A hypervisor is a software or
hardware that allows multiple VMs to run on a single physical host or server. A hypervisor can be
classified into two types:
Type 1 hypervisor: This is a hypervisor that runs directly on the hardware or bare metal of the host or
server, without any underlying OS (Operating System). A type 1 hypervisor can provide benefits such
as:
High-performance: A type 1 hypervisor can provide high-performance by eliminating any overhead
or interference from an OS, and allowing direct access and control of the hardware resources by the
VMs.
More secure: A type 1 hypervisor can provide more security by reducing the attack surface or
exposure of the host or server, and isolating and protecting the VMs from each other and from the
hardware.
System independence: A type 1 hypervisor can provide system independence by allowing different
types of OSs to run on the VMs, regardless of the hardware or vendor of the host or server.
Type 2 hypervisor: This is a hypervisor that runs on top of an OS of the host or server, as a software
application or program. A type 2 hypervisor can provide benefits such as:
Ease of installation and use: A type 2 hypervisor can be easily installed and used as a software
application or program on an existing OS, without requiring any changes or modifications to the
hardware or configuration of the host or server.
Compatibility and portability: A type 2 hypervisor can be compatible and portable with different
types of hardware or devices that support the OS of the host or server, such as laptops, desktops,
smartphones, etc.
Question # 8
A cloud engineer needs to perform a database migration_ The database has a restricted SLA and
cannot be offline for more than ten minutes per month The database stores 800GB of data, and the
network bandwidth to the CSP is 100MBps. Which of the following is the BEST option to perform the
migration?
A. Copy the database to an external device and ship the device to the CSP B. Create a replica database, synchronize the data, and switch to the new instance. C. Utilize a third-patty tool to back up and restore the data to the new database D. use the database import/export method and copy the exported file.
Answer: B Explanation: The correct answer is B. Create a replica database, synchronize the data, and switch to the new
instance. This option is the best option to perform the migration because it can minimize the downtime and
data loss during the migration process. A replica database is a copy of the source database that is
kept in sync with the changes made to the original database. By creating a replica database in the
cloud, the cloud engineer can transfer the data incrementally and asynchronously, without affecting
the availability and performance of the source database. When the replica database is fully
synchronized with the source database, the cloud engineer can switch to the new instance by
updating the connection settings and redirecting the traffic. This can reduce the downtime to a few
minutes or seconds, depending on the complexity of the switch. Some of the tools and services that can help create a replica database and synchronize the data are
AWS Database Migration Service (AWS DMS) 1, Azure Database Migration Service 2, and Striim 3.
These tools and services can support various source and target databases, such as Oracle, MySQL,
PostgreSQL, SQL Server, MongoDB, etc. They can also provide features such as schema conversion,
data validation, monitoring, and security. The other options are not the best options to perform the migration because they can cause more
downtime and data loss than the replica database option. Copying the database to an external device and shipping the device to the CSP is a slow and risky
option that can take days or weeks to complete. It also exposes the data to physical damage or theft
during transit. Moreover, this option does not account for the changes made to the source database
after copying it to the device, which can result in data inconsistency and loss. Utilizing a third-party tool to back up and restore the data to the new database is a faster option than
shipping a device, but it still requires a significant amount of downtime and bandwidth. The source
database has to be offline or in read-only mode during the backup process, which can take hours or
days depending on the size of the data and the network speed. The restore process also requires
downtime and bandwidth, as well as compatibility checks and configuration adjustments. Additionally, this option does not account for the changes made to the source database after backing
it up, which can result in data inconsistency and loss. Using the database import/export method and copying the exported file is a similar option to using a
third-party tool, but it relies on native database features rather than external tools. The
import/export method involves exporting the data from the source database into a file format that
can be imported into the target database. The file has to be copied over to the target database and
then imported into it. This option also requires downtime and bandwidth during both export and
import processes, as well as compatibility checks and configuration adjustments. Furthermore, this
option does not account for the changes made to the source database after exporting it, which can
result in data inconsistency and loss.
Question # 9
Users of a public website that is hosted on a cloud platform are receiving a message indicating the
connection is not secure when landing on the website. The administrator has found that only a single
protocol is opened to the service and accessed through the URL https://www.comptiasite.com.
Which of the following would MOST likely resolve the issue?
A. Renewing the expired certificate B. Updating the web-server software C. Changing the crypto settings on the web server D. Upgrading the users' browser to the latest version
Answer: A
Explanation: Renewing the expired certificate is what would most likely resolve the issue of users receiving a
message indicating the connection is not secure when landing on a website that is hosted on a cloud
platform and accessed through https://www.comptiasite.com. A certificate is a digital document that
contains information such as identity, public key, expiration date, etc., that can be used to prove
one's identity and establish secure communication over a network. A certificate can expire when it
reaches its validity period and needs to be renewed or replaced. An expired certificate can cause
users to receive a message indicating the connection is not secure by indicating that the website's
identity or security cannot be verified or trusted. Renewing the expired certificate can resolve the
issue by extending its validity period and restoring its identity or security verification or trust.
Question # 10
A cloud administrator is assigned to establish a connection between the on-premises data center and
the new CSP infrastructure. The connection between the two locations must be secure at all times
and provide service for all users inside the organization. Low latency is also required to improve
performance during data transfer operations. Which of the following would BEST meet these
requirements?
A. A VPC peering configuration B. An IPSec tunnel C. An MPLS connection D. A point-to-site VPN
Answer: B
Explanation: An IPSec tunnel is what would best meet the requirements of establishing a connection between the
on-premises data center and the new CSP infrastructure that is secure at all times and provides
service for all users inside the organization with low latency. IPSec (Internet Protocol Security) is a
protocol that encrypts and secures network traffic over IP networks. IPSec tunnel is a mode of IPSec
that creates a virtual private network (VPN) tunnel between two endpoints, such as routers,
firewalls, gateways, etc., and encrypts and secures all traffic that passes through it. An IPSec tunnel
can meet the requirements by providing:
Security: An IPSec tunnel can protect network traffic from interception, modification, spoofing, etc.,
by using encryption, authentication, integrity, etc., mechanisms.
Service: An IPSec tunnel can provide service for all users inside the organization by allowing them to
access and use network resources or services on both ends of the tunnel, regardless of their physical
location.
Low latency: An IPSec tunnel can provide low latency by reducing the number of hops or devices that
network traffic has to pass through between the endpoints of the tunnel.
Question # 11
A Cloud administrator needs to reduce storage costs. Which of the following would BEST help the
administrator reach that goal?
A. Enabling compression B. Implementing deduplication C. Using containers D. Rightsizing the VMS
Answer: B Explanation: The correct answer is B. Implementing deduplication would best help the administrator reduce
storage costs. Deduplication is a technique that eliminates redundant copies of data and stores only one unique
instance of the dat a. This can reduce the amount of storage space required and lower the storage costs. Deduplication
can be applied at different levels, such as file-level, block-level, or object-level. Deduplication can
also improve the performance and efficiency of backup and recovery operations. Enabling compression is another technique that can reduce storage costs, but it may not be as
effective as deduplication, depending on the type and amount of data. Compression reduces the size
of data by applying algorithms that remove or replace redundant or unnecessary bits. Compression
can also affect the quality and accessibility of the data, depending on the compression ratio and
method. Using containers and rightsizing the VMs are techniques that can reduce compute costs, but not
necessarily storage costs. Containers are lightweight and portable units of software that run on a
shared operating system and include only the necessary dependencies and libraries. Containers can
reduce the overhead and resource consumption of virtual machines (VMs), which require a full
operating system for each instance. Rightsizing the VMs means adjusting the CPU, memory, disk, and
network resources of the VMs to match their workload requirements. Rightsizing the VMs can
optimize their performance and utilization, and avoid overprovisioning or underprovisioning.
Question # 12
A technician is trying to delete six decommissioned VMs. Four VMs were deleted without issue.
However, two of the VMs cannot be deleted due to an error. Which of the following would MOST
likely enable the technician to delete the VMs?
A. Remove the snapshots B. Remove the VMs' IP addresses C. Remove the VMs from the resource group D. Remove the lock from the two VMs
Answer: D
Explanation: Removing the lock from the two VMs is what would most likely enable the technician to delete the
VMs that cannot be deleted due to an error. A lock is a feature that prevents certain actions or
operations from being performed on a resource or service, such as deleting, modifying, moving, etc.
A lock can help to protect a resource or service from accidental or unwanted changes or removals.
Removing the lock from the two VMs can enable the technician to delete them by allowing the
delete action or operation to be performed on them.
Question # 13
A systems administrator is configuring updates on a system. Which of the following update branches
should the administrator choose to ensure the system receives updates that are maintained for at
least four years?
A. LTS B. Canary C. Beta D. Stable
Answer: A
Explanation: LTS (Long Term Support) is the update branch that the administrator should choose to ensure the
system receives updates that are maintained for at least four years. An update branch is a category or
group of updates that have different characteristics or features, such as frequency, stability, duration,
etc. An update branch can help customers to choose the type of updates that suit their needs and
preferences. LTS is an update branch that provides updates that are stable, reliable, and secure, and
are supported for a long period of time, usually four years or more. LTS can help customers who
value stability and security over new features or functions, and who do not want to change or
upgrade their systems frequently.
Question # 14
A company that performs passive vulnerability scanning at its transit VPC has detected a vulnerability
related to outdated web-server software on one of its public subnets. Which of the following can the
use to verify if this is a true positive with the LEAST effort and cost? (Select TWO).
A. A network-based scan B. An agent-based scan C. A port scan D. A red-team exercise E. A credentialed scan F. A blue-team exercise G. Unknown environment penetration testing
Answer: BE Explanation: The correct answer is B and E. An agent-based scan and a credentialed scan can help verify if the
vulnerability related to outdated web-server software is a true positive with the least effort and cost.
An agent-based scan is a type of vulnerability scan that uses software agents installed on the target
systems to collect and report data on vulnerabilities. This method can provide more accurate and
detailed results than a network-based scan, which relies on network traffic analysis and probes1. An
agent-based scan can also reduce the network bandwidth and performance impact of scanning, as
well as avoid triggering false alarms from intrusion detection systems2. A credentialed scan is a type of vulnerability scan that uses valid login credentials to access the target
systems and perform a more thorough and comprehensive assessment of their configuration, patch
level, and vulnerabilities. A credentialed scan can identify vulnerabilities that are not visible or
exploitable from the network level, such as missing updates, weak passwords, or misconfigured
services3. A credentialed scan can also reduce the risk of false positives and false negatives, as well
as avoid causing damage or disruption to the target systems3. A network-based scan, a port scan, a red-team exercise, a blue-team exercise, and unknown
environment penetration testing are not the best options to verify if the vulnerability is a true
positive with the least effort and cost. A network-based scan and a port scan may not be able to
detect the vulnerability if it is not exposed or exploitable from the network level. A red-team
exercise, a blue-team exercise, and unknown environment penetration testing are more complex,
time-consuming, and costly methods that involve simulating real-world attacks or defending against
them. These methods are more suitable for testing the overall security posture and resilience of an
organization, rather than verifying a specific vulnerability4.
Question # 15
A company needs to migrate the storage system and batch jobs from the local storage system to a
public cloud provider. Which of the following accounts will MOST likely be created to run the batch
processes?
A. User B. LDAP C. Role-based D. Service
Answer: D
Explanation: A service account is what will most likely be created to run the batch processes that migrate the
storage system and batch jobs from the local storage system to a public cloud provider. A service
account is a special type of account that is used to perform automated tasks or operations on a
system or service, such as running scripts, applications, or processes. A service account can provide
benefits such as:
Security: A service account can have limited or specific permissions and roles that are required to
perform the tasks or operations, which can prevent unauthorized or malicious access or actions.
Efficiency: A service account can run the tasks or operations without any human intervention or
interaction, which can save time and effort.
Reliability: A service account can run the tasks or operations consistently and accurately, which can
reduce errors or failures.
Question # 16
A company had a system compromise, and the engineering team resolved the issue after 12 hours.
Which of the following information will MOST likely be requested by the Chief Information Officer
(CIO) to understand the issue and its resolution?
A. A root cause analysis B. Application documentation C. Acquired evidence D. Application logs
Answer: A
Explanation: A root cause analysis is what will most likely be requested by the Chief Information Officer (CIO) to
understand the issue and its resolution after a system compromise that was resolved by the
engineering team after 12 hours. A root cause analysis is a technique of investigating and identifying
the underlying or fundamental cause or reason for an incident or issue that affects or may affect the
normal operation or performance of a system or service. A root cause analysis can help to
understand the issue and its resolution by providing information such as:
What happened: This describes what occurred during the incident or issue, such as symptoms,
effects, impacts, etc.
Why it happened: This explains why the incident or issue occurred, such as triggers, factors,
conditions, etc.
How it was resolved: This details how the incident or issue was fixed or mitigated, such as actions,
steps, methods, etc.
How it can be prevented: This suggests how the incident or issue can be avoided or reduced in the
future, such as recommendations, improvements, changes, etc.
Question # 17
A systems administrator has received an email from the virtualized environment's alarms indicating
the memory was reaching full utilization. When logging in, the administrator notices that one out of
a five-host cluster has a utilization of 500GB out of 512GB of RAM. The baseline utilization has been
300GB for that host. Which of the following should the administrator check NEXT?
A. Storage array B. Running applications C. VM integrity D. Allocated guest resources
Answer: D
Explanation: Allocated guest resources is what the administrator should check next after receiving an email from
the virtualized environment's alarms indicating the memory was reaching full utilization and noticing
that one out of a five-host cluster has a utilization of 500GB out of 512GB of RAM. Allocated guest
resources are the amount of resources or capacity that are assigned or reserved for each guest
system or device within a host system or device. Allocated guest resources can affect performance
and utilization of host system or device by determining how much resources or capacity are available
or used by each guest system or device. Allocated guest resources should be checked next by
comparing them with the actual usage or demand of each guest system or device, as well as
identifying any overallocation or underallocation of resources that may cause inefficiency or wastage.
Question # 18
A systems administrator adds servers to a round-robin, load-balanced pool, and then starts receiving
reports of the website being intermittently unavailable. Which of the following is the MOST likely
cause of the issue?
A. The network is being saturated. B. The load balancer is being overwhelmed. C. New web nodes are not operational. D. The API version is incompatible. E. There are time synchronization issues.
Answer: C
Explanation: New web nodes are not operational is the most likely cause of the issue of website being
intermittently unavailable after adding servers to a round-robin, load-balanced pool. A round-robin,
load-balanced pool is a method of distributing network traffic evenly and sequentially among
multiple servers or nodes that provide the same service or function. A round-robin, load-balanced
pool can help to improve performance, availability, and scalability of network applications or services
by ensuring that no server or node is overloaded or underutilized. New web nodes are not
operational if they are not configured properly or functioning correctly to provide web service or
function. New web nodes are not operational can cause website being intermittently unavailable by
disrupting the round-robin, load-balanced pool and creating inconsistency or unreliability in web
service or function.
Question # 19
A systems administrator is working in a globally distributed cloud environment. After a file server VM
was moved to another region, all users began reporting slowness when saving files. Which of the
following is the FIRST thing the administrator should check while troubleshooting?
A. Network latency B. Network connectivity C. Network switch D. Network peering
Answer: A
Explanation: Network latency is the first thing that the administrator should check while troubleshooting slowness
when saving files after a file server VM was moved to another region in a globally distributed cloud
environment. Network latency is a measure of how long it takes for data to travel from one point to
another over a network or connection. Network latency can affect performance and user experience
of cloud applications or services by determining how fast data can be transferred or processed
between clients and servers or vice versa. Network latency can vary depending on various factors,
such as distance, bandwidth, congestion, interference, etc. Network latency can increase when a file
server VM is moved to another region in a globally distributed cloud environment, as it may increase
the distance and decrease the bandwidth between clients and servers, which may result in delays or
errors in data transfer or processing.
Question # 20
A cloud engineer is deploying a server in a cloud platform. The engineer reviews a security scan
report. Which of the following recommended services should be disabled? (Select TWO).
A. Telnet B. FTP C. Remote login D. DNS E. DHCP F. LDAP
Answer: AB Explanation: Telnet and FTP are two services that should be disabled on a cloud server because they are insecure
and vulnerable to attacks. Telnet and FTP use plain text to transmit data over the network, which
means that anyone who can intercept the traffic can read or modify the data, including usernames,
passwords, commands, files, etc. This can lead to data breaches, unauthorized access, or malicious
actions on the server1. Instead of Telnet and FTP, more secure alternatives should be used, such as SSH (Secure Shell) and
SFTP (Secure File Transfer Protocol). SSH and SFTP use encryption to protect the data in transit and
provide authentication and integrity checks for the communication. SSH and SFTP can prevent
eavesdropping, tampering, or spoofing of the data and ensure the confidentiality and privacy of the
server2. The other options are not services that should be disabled on a cloud server:
Option C: Remote login. Remote login is a service that allows users to access a remote server from
another location using a network connection. Remote login can be useful for managing, configuring,
or troubleshooting a cloud server without having to physically access it. Remote login can be secured
by using encryption, authentication, authorization, and logging mechanisms3. Option D: DNS (Domain Name System). DNS is a service that translates human-friendly domain
names into IP addresses that can be used to communicate over the Internet. DNS is essential for
resolving the names of the cloud resources and services that are hosted on the cloud platform. DNS
can be secured by using DNSSEC (DNS Security Extensions), which add digital signatures to DNS
records to verify their authenticity and integrity. Option E: DHCP (Dynamic Host Configuration Protocol). DHCP is a service that assigns IP addresses
and other network configuration parameters to devices on a network. DHCP can simplify the
management of IP addresses and avoid conflicts or errors in the network. DHCP can be secured by
using DHCP snooping, which filters out unauthorized DHCP messages and prevents rogue DHCP
servers from assigning IP addresses. Option F: LDAP (Lightweight Directory Access Protocol). LDAP is a service that stores and organizes
information about users, devices, and resources on a network. LDAP can provide identity
management and access control for the cloud environment. LDAP can be secured by using LDAPS
(LDAP over SSL/TLS), which encrypts the LDAP traffic and provides authentication and integrity
checks.
Question # 21
A cloud administrator needs to reduce the cost of cloud services by using the company's off-peak
period. Which of the following would be the BEST way to achieve this with minimal effort?
A. Create a separate subscription. B. Create tags. C. Create an auto-shutdown group. D. Create an auto-scaling group.
Answer: C
Explanation: Creating an auto-shutdown group is the best way to reduce the cost of cloud services by using the
company's off-peak period with minimal effort. An auto-shutdown group is a feature that allows
customers to automatically turn off or shut down certain cloud resources or services during a
specified time period or schedule. An auto-shutdown group can help to reduce the cost of cloud
services by minimizing the consumption of resources or services during off-peak periods, when they
are not needed or used. An auto-shutdown group can also help to reduce the effort of managing
cloud resources or services by automating the shutdown process, without requiring any manual
intervention or configuration.
Question # 22
An organization is using multiple SaaS-based business applications, and the systems administrator is
unable to monitor and control the use of these subscriptions. The administrator needs to implement
a solution that will help the organization apply security policies and monitor each individual SaaS
subscription. Which of the following should be deployed to achieve these requirements?
A. DLP B. CASB C. IPS D. HIDS
Answer: B
Explanation: CASB (Cloud Access Security Broker) is what should be deployed to monitor and control the use of
multiple SaaS-based business applications in a cloud environment. SaaS (Software as a Service) is a
cloud service model that provides customers with access to software applications hosted on remote
servers over a network or internet connection. SaaS can provide customers with convenience,
flexibility, and scalability, but it may also introduce security risks such as data breaches, leaks, losses,
etc., especially if customers have multiple SaaS subscriptions from different providers. CASB is a tool
or service that acts as an intermediary between customers and SaaS providers. CASB can help to
monitor and control the use of multiple SaaS subscriptions by providing features such as:
Visibility: CASB can provide visibility into what SaaS applications are being used, by whom, when,
where, how, etc., as well as identify any unauthorized or suspicious activities.
Compliance: CASB can provide compliance with various laws, regulations, standards, policies, etc.,
that apply to SaaS applications and data, such as GDPR, HIPAA, PCI DSS, etc., as well as enforce them
using rules or actions.
Security: CASB can provide security for SaaS applications and data by detecting and preventing any
threats or attacks, such as malware, phishing, ransomware, etc., as well as protecting them using
encryption, authentication, authorization, etc.
Question # 23
A cloud solutions architect has an environment that must only be accessed during work hours. Which
of the following processes should be automated to BEST reduce cost?
A. Scaling of the environment after work hours B. Implementing access control after work hours C. Shutting down the environment after work hours D. Blocking external access to the environment after work hours
Answer: C Explanation: One of the main benefits of cloud computing is that you only pay for the resources that you
use. However, this also means that you need to manage your cloud resources efficiently and avoid
paying for idle or unused resources1. Shutting down the environment after work hours is a process that can be automated to best reduce
cost in a cloud environment that must only be accessed during work hours. This process involves
stopping or terminating the cloud resources, such as virtual machines, databases, load balancers,
etc., that are not needed outside of the work hours. This can significantly reduce the cloud bill by
avoiding charges for compute, storage, network, and other services that are not in use2. The other options are not the best processes to automate to reduce cost in this scenario: Option A: Scaling of the environment after work hours. Scaling is a process that involves adjusting the
number or size of cloud resources to match the demand or workload. Scaling can be done manually
or automatically using triggers or policies. Scaling can help optimize the performance and availability
of a cloud environment, but it does not necessarily reduce the cost. Scaling down the environment
after work hours may reduce some costs, but it may still incur charges for the remaining
resources. Scaling up the environment before work hours may increase the cost and also introduce
delays or errors in provisioning new resources3. Option B: Implementing access control after work hours. Access control is a process that involves
defining and enforcing rules and policies for who can access what resources in a cloud environment.
Access control can help improve the security and compliance of a cloud environment, but it does not
directly affect the cost. Implementing access control after work hours may prevent unauthorized
access to the environment, but it does not stop or terminate the resources that are still running and
consuming cloud services4. Option D: Blocking external access to the environment after work hours. Blocking external access is a
process that involves restricting or denying network traffic from outside sources to a cloud
environment. Blocking external access can help protect the environment from potential attacks or
breaches, but it does not impact the cost. Blocking external access after work hours may prevent
unwanted requests or connections to the environment, but it does not shut down or release the
resources that are still active and generating cloud charges.
Question # 24
A systems administrator is troubleshooting a performance issue with a virtual database server. The
administrator has identified the issue as being disk related and believes the cause is a lack of IOPS on
the existing spinning disk storage. Which of the following should the administrator do NEXT to
resolve this issue?
A. Upgrade the virtual database server. B. Move the virtual machine to flash storage and test again. C. Check if other machines on the same storage are having issues. D. Document the findings and place them in a shared knowledge base.
Answer: B
Explanation: Moving the virtual machine to flash storage and testing again is what the administrator should do
next to resolve the issue of disk-related performance issue with a virtual database server that has
been identified as being caused by a lack of IOPS on the existing spinning disk storage. IOPS
(Input/Output Operations Per Second) is a measure of how fast a storage device can read and write
data. IOPS can affect performance of a virtual database server by determining how quickly it can
access and process data from storage. Spinning disk storage is a type of storage device that uses
rotating magnetic disks to store data. Spinning disk storage has lower IOPS than flash storage, which
is a type of storage device that uses solid-state memory chips to store data. Flash storage has higher
IOPS than spinning disk storage, which means that it can read and write data faster and more
efficiently than spinning disk storage. Moving the virtual machine to flash storage and testing again
can help to resolve the issue by increasing the IOPS and improving the performance of the virtual
database server.
Question # 25
A systems administrator is configuring a DNS server. Which of the following steps should a technician
take to ensure confidentiality between the DNS server and an upstream DNS provider?
A. Enable DNSSEC. B. Implement single sign-on. C. Configure DOH. D. Set up DNS over SSL.
Answer: C Explanation: DNS (Domain Name System) is a service that translates human-friendly domain names into IP
addresses that can be used to communicate over the Internet1. However, DNS queries and
responses are usually sent in plain text, which means that anyone who can intercept the network
traffic can see the domain names that the users are requesting. This poses a threat to the
confidentiality and privacy of the users and their online activities2. To ensure confidentiality between the DNS server and an upstream DNS provider, a technician should
configure DOH (DNS over HTTPS). DOH is a protocol that encrypts DNS queries and responses using
HTTPS (Hypertext Transfer Protocol Secure), which is a secure version of HTTP that uses SSL/TLS
(Secure Sockets Layer/Transport Layer Security) to protect the data in transit3. By using DOH, the
technician can prevent eavesdropping, tampering, or spoofing of DNS traffic by malicious actors3.
The other options are not the best steps to ensure confidentiality between the DNS server and an
upstream DNS provider: Option A: Enable DNSSEC (DNS Security Extensions). DNSSEC is a set of extensions that add digital
signatures to DNS records, which can be used to verify the authenticity and integrity of the DNS dat
a. DNSSEC can prevent DNS cache poisoning attacks, where an attacker inserts false DNS records into
a DNS server's cache, redirecting users to malicious websites. However, DNSSEC does not encrypt or
hide the DNS queries and responses, so it does not provide confidentiality for DNS traffic2. Option B: Implement single sign-on (SSO). SSO is a mechanism that allows users to access multiple
services or applications with one set of credentials, such as a username and password. SSO can
simplify the authentication process and reduce the risk of password compromise or phishing attacks.
However, SSO does not affect the communication between the DNS server and an upstream DNS
provider, so it does not provide confidentiality for DNS traffic. Option D: Set up DNS over SSL (DNS over Secure Sockets Layer). This option is not a valid protocol for
securing DNS traffic. SSL is a deprecated protocol that has been replaced by TLS (Transport Layer
Security), which is more secure and robust. The correct protocol for encrypting DNS traffic using
SSL/TLS is DOH (DNS over HTTPS), as explained above.
Question # 26
A cloud administrator is setting up a new coworker for API access to a public cloud environment. The
administrator creates a new user and gives the coworker access to a collection of automation scripts.
When the coworker attempts to use a deployment script, a 403 error is returned. Which of the
following is the MOST likely cause of the error?
A. Connectivity to the public cloud is down. B. User permissions are not correct. C. The script has a configuration error. D. Oversubscription limits have been exceeded.
Answer: B
Explanation: User permissions are not correct is the most likely cause of the error 403 (Forbidden) that is returned
when a coworker attempts to use a deployment script after being set up for API access to a public
cloud environment by an administrator. API (Application Programming Interface) is a set of rules or
specifications that defines how different software components or systems can communicate and
interact with each other. API access is the ability to use or access an API to perform certain actions or
tasks on a software component or system. User permissions are the settings or policies that control
and restrict what users can do or access on a software component or system. User permissions can
affect API access by determining what actions or tasks users can perform using an API on a software
component or system. User permissions are not correct if they do not match or align with the
intended or expected actions or tasks that users want to perform using an API on a software
component or system. User permissions are not correct can cause error 403 (Forbidden), which
means that the user does not have the necessary permission or authorization to perform the
requested action or task using an API on a software component or system.
Question # 27
Which of the following should be considered for capacity planning?
A. Requirements, licensing, and trend analysis B. Laws and regulations B. Laws and regulations D. Hypervisors and scalability
Answer: A
Explanation: These are the factors that should be considered for capacity planning in a cloud environment.
Capacity planning is a process of estimating and allocating the necessary resources and performance
to meet the current and future demands of cloud applications or services. Capacity planning can help
to optimize costs, efficiency, and reliability of cloud resources or services. The factors that should be
considered for capacity planning are:
Requirements: These are the specifications or expectations of the cloud applications or services, such
as functionality, availability, scalability, security, etc. Requirements can help to determine the type,
amount, and quality of resources or services needed to meet the objectives and goals of the cloud
applications or services.
Licensing: This is the agreement or contract that grants customers the right to use or access certain
cloud resources or services for a specific period or fee. Licensing can affect the cost, availability, and
compliance of cloud resources or services. Licensing can help to determine the budget, duration, and
scope of using or accessing cloud resources or services.
Trend analysis: This is the technique of analyzing historical and current data to identify patterns,
changes, or fluctuations in demand or usage of cloud resources or services. Trend analysis can help to
predict and anticipate future demand or usage of cloud resources or services, as well as identify any
opportunities or challenges that may arise.
Question # 28
A company would like to move all its on-premises platforms to the cloud. The company has enough
skilled Linux and web-server engineers but only a couple of skilled database administrators. It also
has little expertise in managing email services. Which of the following solutions would BEST match
the skill sets of available personnel?
A. Run the web servers in PaaS, and run the databases and email in SaaS. B. Run the web servers, databases, and email in SaaS. C. Run the web servers in laaS, the databases in PaaS, and the email in SaaS. D. Run the web servers, databases, and email in laaS.
Answer: C Explanation: To answer this question, we need to understand the different types of cloud computing models and
how they suit the skill sets of the available personnel. According to Google Cloud, there are three
main models for cloud computing: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and
Software as a Service (SaaS). Each model provides different levels of control, flexibility, and
management over the cloud resources and services1. IaaS: This model provides access to networking features, computers (virtual or on dedicated
hardware), and data storage space. It gives the highest level of flexibility and management control
over the IT resources and is most similar to existing IT resources that many IT departments and
developers are familiar with2. PaaS: This model provides a complete cloud platform for developing, running, and managing
applications without the cost, complexity, and inflexibility of building and maintaining the underlying
infrastructure. It removes the need for organizations to manage the hardware and operating systems
and allows them to focus on the deployment and management of their applications2. SaaS: This model provides a completed product that is run and managed by the service provider. It
does not require any installation, maintenance, or configuration by the customers. It is typically used
for end-user applications that are accessed through a web browser or a mobile app2. Based on these definitions, we can evaluate each option: Option A: Run the web servers in PaaS, and run the databases and email in SaaS. This option is not
the best match for the skill sets of the available personnel because it does not leverage their
expertise in Linux and web-server engineering. Running the web servers in PaaS means that they will
have less control and customization over the web server environment and will have to rely on the
service provider's platform features. Running the databases and email in SaaS means that they will
not need any database administration or email management skills, but they will also have less
flexibility and security over their data and communication. Option B: Run the web servers, databases, and email in SaaS. This option is not a good match for the
skill sets of the available personnel because it does not utilize their skills at all. Running everything in
SaaS means that they will have no control or responsibility over any aspect of their cloud
environment and will have to depend entirely on the service provider's products. This option may be
suitable for some small businesses or non-technical users who do not have any IT skills or resources,
but not for a company that has skilled Linux and web-server engineers. Option C: Run the web servers in IaaS, the databases in PaaS, and the email in SaaS. This option is the
best match for the skill sets of the available personnel because it balances their strengths and
weaknesses. Running the web servers in IaaS means that they can use their Linux and web-server
engineering skills to configure, manage, and optimize their web server infrastructure according to
their needs. Running the databases in PaaS means that they can leverage the service provider's
platform features to simplify their database development and administration tasks without having to
worry about the underlying hardware and operating systems. Running the email in SaaS means that
they can outsource their email services to a reliable and secure service provider without having to
invest in or manage their own email infrastructure. Option D: Run the web servers, databases, and email in IaaS. This option is not a good match for the
skill sets of the available personnel because it puts too much burden on them. Running everything in
IaaS means that they will have to handle all aspects of their cloud environment, including
networking, computing, storage, security, backup, scaling, patching, etc. This option may be suitable
for some large enterprises or highly technical users who have full control and customization over
their cloud environment, but not for a company that has only a couple of skilled database
administrators and little expertise in managing email services. Therefore, option C is the correct answer.
Question # 29
A cloud administrator is responsible for managing a cloud-based content management solution.
According to the security policy, any data that is hosted in the cloud must be protected against data
exfiltration. Which of the following solutions should the administrator implement?
A. HIDS B. FIM C. DLP D. WAF
Answer: C
Explanation:
DLP (Data Loss Prevention) is what the administrator should implement to protect data against data
exfiltration in a cloud-based content management solution. Data exfiltration is a process of
transferring or stealing data from a system or network without authorization or permission. Data
exfiltration can cause data breaches, leaks, or losses that may affect confidentiality, integrity, or
availability of data. DLP is a tool or service that monitors and controls data movement and usage
within a system or network. DLP can help to prevent data exfiltration by detecting and blocking any
unauthorized or suspicious data transfers or activities, as well as enforcing policies and rules for data
classification, encryption, access, etc.
Question # 30
A development team recently completed testing changes to a company's web-based CMS in the
sandbox environment. The cloud administrator deployed these CMS application changes to the
staging environment as part of the next phase in the release life cycle. The deployment was
successful, but after deploying the CMS application, the web page displays an error message stating
the application is unavailable. After reviewing the application logs, the administrator sees an error
message that the CMS is unable to connect to the database. Which of the following is the BEST
action for the cloud administrator to perform to resolve the issue?
A. Modify the deployment script to delete and recreate the database whenever the CMS application
is deployed. B. Modify the ACL to allow the staging environment to access the database in the sandbox
environment. C. Modify the CMS application deployment to use the previous version and redeploy the application. D. Modify the configuration settings of the CMS application to connect to the database in the current
environment.
Answer: D
Explanation: Modifying the configuration settings of the CMS (Content Management System) application to
connect to the database in the current environment is what the cloud administrator should do to
resolve the issue of web page displaying an error message stating the application is unavailable after
deploying CMS application changes to the staging environment. A CMS is a software or platform that
allows users to create, manage, and publish web content. A CMS may use a database to store and
retrieve web content and information. A staging environment is a testing or pre-production
environment that simulates the production environment and allows users to verify and validate
changes or updates before deploying them to production. Modifying the configuration settings of the
CMS application can help to resolve the issue by ensuring that the CMS application can access and
communicate with the database in the current environment, rather than using the previous or
default settings that may point to a different or non-existent database.
Question # 31
A systems administrator is examining a managed hosting agreement and wants to determine how
much data would be lost if a server had to be restored from backups. To which of the following
metrics should the administrator refer?
A. RTO B. MTBF C. RPO D. MTTR
Answer: C
Explanation: RPO (Recovery Point Objective) is the metric that the administrator should refer to determine how
much data would be lost if a server had to be restored from backups. RPO is a metric that measures
how much data can be lost or how far back in time a recovery point can be without causing
significant impact or damage. RPO can help to determine how much data would be lost by
comparing the time of the disruption or disaster with the time of the last backup or snapshot. RPO
can also help to determine how frequently backups or snapshots should be performed to minimize
data loss.
Question # 32
A new development team requires workstations hosted in a PaaS to develop a new website.
Members of the team also require remote access to the workstations using their corporate email
addresses. Which of the following solutions will BEST meet these requirements? (Select TWO).
A. Deploy new virtual machines. B. Configure email account replication. C. Integrate identity services. D. Implement a VDI solution. E. Migrate local VHD workstations. F. Create a new directory service.
Answer: AC Explanation: A Platform-as-a-Service (PaaS) is a cloud computing model that provides customers a complete cloud
platform"?hardware, software, and infrastructure"?for developing, running, and managing
applications without the cost, complexity, and inflexibility that often comes with building and
maintaining that platform on-premises1. To develop a new website using a PaaS, the development team needs to deploy new virtual
machines (VMs) on the cloud platform. VMs are software emulations of physical computers that can
run different operating systems and applications. By deploying new VMs, the development team can
create a scalable and flexible environment for their website project, without having to invest in or
manage physical hardware2. To enable remote access to the workstations using their corporate email addresses, the development
team needs to integrate identity services on the cloud platform. Identity services are services that
provide authentication, authorization, and identity management for users and devices accessing
cloud resources. By integrating identity services, the development team can use their corporate
email addresses as single sign-on (SSO) credentials to access their workstations from any device and
location, while ensuring security and compliance3. The other options are not the best solutions for these requirements: Configuring email account replication is not necessary for remote access to the workstations. Email
account replication is a process of synchronizing email accounts across different servers or
locations. It can provide backup and redundancy for email services, but it does not provide
authentication or identity management for remote access4. Implementing a Virtual Desktop Infrastructure (VDI) solution is not a PaaS solution. VDI is a
technology that allows users to access virtual desktops hosted on a centralized server. VDI can
provide remote access to desktop environments, but it requires additional hardware, software, and
management costs that are not included in a PaaS model5. Migrating local VHD workstations is not a PaaS solution. VHD stands for Virtual Hard Disk, which is a
file format that represents a virtual hard disk drive. Migrating local VHD workstations means moving
the virtual hard disk files from local storage to cloud storage. This can provide backup and portability
for the workstations, but it does not provide a complete cloud platform for developing and running
applications6. Creating a new directory service is not necessary for remote access to the workstations. A directory
service is a service that stores and organizes information about users, devices, and resources on a
network. Creating a new directory service means setting up a new database and schema for storing
this information. This can provide identity management and access control for the network, but it
does not provide authentication or SSO for remote access.
Question # 33
A user reports a poor-quality remote VDI session. Which of the following should the help desk
technician do FIRST to troubleshoot the issue?
A. Check the FAQ section of the vendor's documentation. B. Ask the user if the client device or access location has changed. C. Reboot the user's virtual desktop. D. Request permission to log in to the device remotely.
Answer: B
Explanation: Asking the user if the client device or access location has changed is what the help desk technician
should do first to troubleshoot poor-quality remote VDI (Virtual Desktop Infrastructure) session. VDI
is a technology that allows users to access virtual desktops hosted on remote servers over a network
or internet connection. VDI can provide users with flexibility, mobility, and security, but it may also
introduce quality issues depending on various factors, such as:
The client device: This is the device that users use to access their virtual desktops, such as a laptop,
tablet, smartphone, etc. The client device can affect VDI quality by determining how well it can
support and display virtual desktop applications and services, as well as how fast it can process and
send data over a network or internet connection.
The access location: This is where users access their virtual desktops from, such as home, office,
public place, etc. The access location can affect VDI quality by determining how stable and secure
their network or internet connection is, as well as how much latency or interference they may
experience.
Asking the user if these factors have changed can help to troubleshoot poor-quality remote VDI
session by identifying any potential causes or sources of quality issues, as well as suggesting any
possible solutions or alternatives.
Question # 34
A systems administrator has migrated a web application to the cloud with a synchronous uplink
speed of 100Mbps. After the migration, the administrator receives reports of slow connectivity to the
web application. The administrator logs into the firewall and notices the WAN port is transmitting at
a constant 12.5MBps. Which of the following BEST explains the reason for the issue?
A. Misconfigured subnetting B. Insufficient compute C. Firewall issues D. Not enough upload bandwidth
Answer: D
Explanation: Not enough upload bandwidth is what best explains the reason for slow connectivity to a web
application that has been migrated to a cloud environment with a synchronous uplink speed of
100Mbps. Bandwidth is a measure of how much data can be transferred over a network or
connection in a given time period. Upload bandwidth is a measure of how much data can be sent
from one location to another over a network or connection in a given time period. Upload
bandwidth can affect connectivity to a web application by determining how fast data can be
uploaded from clients to servers or vice versa. Not enough upload bandwidth can cause slow
connectivity to a web application by creating congestion or bottleneck in data transfer, which may
result in delays or errors in web requests or responses.
Question # 35
An organization has a web-server farm. Which of the following solutions should be implemented to
obtain efficient distribution of requests to theservers?
A. A clustered web server infrastructure B. A load-balancing appliance C. A containerized application D. Distribution of web servers across different regions and zones
Answer: B Explanation: A web-server farm is a group of web servers that work together to provide high availability and
scalability for web applications1. A web-server farm can handle a large number of requests from
clients by distributing the workload among the servers. A load-balancing appliance is a device that sits between the clients and the web servers and
distributes the incoming requests to the servers based on a predefined algorithm2. A load-balancing
appliance can improve the performance, reliability, and security of a web-server farm by providing
the following benefits2: Load balancing: It ensures that no single server is overloaded and that all servers are utilized
efficiently. Failover: It detects and redirects requests from failed or unavailable servers to healthy ones.
Health monitoring: It periodically checks the status and performance of the servers and reports any
issues or anomalies. SSL offloading: It terminates the SSL connections from the clients and forwards the requests to the
servers in plain text, reducing the encryption overhead on the servers. Caching: It stores frequently requested content in its memory and serves it to the clients, reducing
the network traffic and load on the servers. A clustered web server infrastructure is a configuration where multiple web servers are connected to
a shared storage device and appear as a single logical server to the clients3. A clustered web server
infrastructure can provide high availability and fault tolerance for web applications, but it does not
provide load balancing or scalability. Therefore, option A is incorrect. A containerized application is an application that is packaged with its dependencies and runtime
environment in a lightweight and portable unit called a container. A containerized application can
run on any platform that supports container technology, such as Docker or Kubernetes. A
containerized application can provide portability, consistency, and isolation for web applications, but
it does not provide load balancing or scalability by itself. Therefore, option C is incorrect. Distribution of web servers across different regions and zones is a strategy that involves deploying
web servers in multiple geographic locations to serve clients from different areas. Distribution of
web servers across different regions and zones can provide low latency, high availability, and disaster
recovery for web applications, but it does not provide load balancing or scalability within each region
or zone. Therefore, option D is incorrect.
Question # 36
Which of the following actions should a systems administrator perform during the containment
phase of a security incident in the cloud?
A. Deploy a new instance using a known-good base image. B. Configure a firewall rule to block the traffic on the affected instance. C. Perform a forensic analysis of the affected instance. D. Conduct a tabletop exercise involving developers and systems administrators.
Answer: B
Explanation: Configuring a firewall rule to block the traffic on the affected instance is what the administrator
should perform during the containment phase of a security incident in the cloud. A security incident
is an event or situation that affects or may affect the confidentiality, integrity, or availability of cloud
resources or data. A security incident response is a process of managing and resolving a security
incident using various phases, such as identification, containment, eradication, recovery, etc. The
containment phase is where the administrator tries to isolate and prevent the spread or escalation of
the security incident. Configuring a firewall rule to block the traffic on the affected instance can help
to contain a security incident by cutting off any communication or interaction between the instance
and other systems or networks, which may stop any malicious or unauthorized activity or access.
Question # 37
A systems administrator is performing upgrades to all the hypervisors in the environment. Which of
the following components of the hypervisors should be upgraded? (Choose two.)
A. The fabric interconnects B. The virtual appliances C. The firmware D. The virtual machines E. The baselines F. The operating system
Answer: C, F
Explanation: These are the components of the hypervisors that should be upgraded by the administrator who is
performing upgrades to all the hypervisors in the environment. A hypervisor is a software or
hardware that allows multiple VMs (Virtual Machines) to run on a single physical host or server. A
hypervisor consists of various components, such as:
The firmware: This is the software that controls the basic functions and operations of the hardware or
device. The firmware can affect the performance, compatibility, and security of the hypervisor and
the VMs. The firmware should be upgraded to ensure that it supports the latest features and
functions of the hardware or device, as well as fix any bugs or vulnerabilities.
The operating system: This is the software that manages the resources and activities of the
hypervisor and the VMs. The operating system can affect the functionality, reliability, and efficiency
of the hypervisor and the VMs. The operating system should be upgraded to ensure that it supports
the latest applications and services of the hypervisor and the VMs, as well as improve stability and
performance.
Question # 38
A systems administrator is attempting to gather information about services and resource utilization
on VMS in a cloud environment. Which of the following will BEST accomplish this objective?
A. Syslog B. SNMP C. CMDB D. Service management E. Performance monitoring
Answer: E Explanation: Performance monitoring is the process of collecting and analyzing metrics related to the
performance and availability of resources in a cloud environment1. Performance monitoring can help
a systems administrator to gather information about services and resource utilization on VMs in a
cloud environment by providing the following benefits2: Identify and troubleshoot performance issues and bottlenecks before they affect the end users or
business operations. Optimize the resource allocation and configuration to meet the performance requirements and SLAs
of the services. Plan for future capacity and scalability needs based on the historical trends and patterns of resource
utilization. Compare the performance and costs of different cloud service providers, regions, and SKUs.
Some of the tools and services that can help with performance monitoring in a cloud environment
are3: Azure Monitor: A comprehensive service that provides a unified view of the health, performance,
and availability of your Azure resources, applications, and services. Azure Monitor collects metrics,
logs, and traces from various sources and provides analysis, visualization, alerting, and automation
capabilities. Azure Advisor: A personalized service that provides recommendations to optimize your Azure
resources for performance, security, cost, reliability, and operational excellence. Azure Advisor
analyzes your resource configuration and usage data and suggests best practices to improve your
cloud environment. Azure Application Insights: A service that monitors the performance and usage of your web
applications and services. Application Insights collects telemetry data such as requests,
dependencies, exceptions, page views, custom events, and metrics from your application code and
provides powerful analytics, diagnostics, and alerting features. Azure Log Analytics: A service that collects and analyzes data from various sources such as Azure
Monitor, Azure services, VMs, containers, applications, and other cloud or on-premises systems. Log
Analytics enables you to query, visualize, and correlate log data using the Kusto Query Language
(KQL) and create custom dashboards and reports. Syslog is a standard protocol for sending log messages from network devices to a central server. Syslog can help with logging and auditing activities in a cloud environment, but it does not provide
performance monitoring capabilities. Therefore, option A is incorrect. SNMP (Simple Network Management Protocol) is a protocol for collecting and organizing information
about managed devices on a network. SNMP can help with network management and monitoring in
a cloud environment, but it does not provide comprehensive performance monitoring for VMs and
services. Therefore, option B is incorrect. CMDB (Configuration Management Database) is a database that stores information about the
configuration items (CIs) in an IT environment. CMDB can help with configuration management and
change management in a cloud environment, but it does not provide performance monitoring
capabilities. Therefore, option C is incorrect. Service management is a set of processes and practices that aim to deliver value to customers by
providing quality services that meet their needs and expectations. Service management can help
with service design, delivery, support, and improvement in a cloud environment, but it does not
provide performance monitoring capabilities. Therefore, option D is incorrect.
Question # 39
A systems administrator is about to deploy a new VM to a cloud environment. Which of the following
will the administrator MOST likely use to select an address for the VM?
A. CDN B. DNS C. NTP D. IPAM
Answer: D
Explanation: IPAM (IP Address Management) is what the administrator will most likely use to select an address for
the new VM that is about to be deployed to a cloud environment. IPAM is a tool or service that
allows customers to plan, track, and manage the IP addresses and DNS names of their cloud
resources or systems. IPAM can help to select an address for the new VM by providing information
such as available IP addresses, IP address ranges, subnets, domains, etc., as well as ensuring that the
address is unique and valid.
Question # 40
A systems administrator is deploying a solution that includes multiple network I/O-intensive VMs.
The solution design requires that vNICs of the VMs provide low-latency, near-native performance of
a physical NIC and data protection between the VMs. Which of the following would BEST satisfy
these requirements?
A. SR-IOV B. GENEVE C. SDN D. VLAN
Answer: A
Explanation: SR-IOV (Single Root Input/Output Virtualization) is what would best satisfy the requirements of lowlatency,
near-native performance of a physical NIC and data protection between VMs for multiple
network I/O-intensive VMs. SR-IOV is a technology that allows a physical NIC to be partitioned into
multiple virtual NICs that can be assigned to different VMs. SR-IOV can provide the following
benefits:
Low-latency: SR-IOV can reduce latency by bypassing the hypervisor and allowing direct
communication between the VMs and the physical NIC, without any overhead or interference.
Near-native performance: SR-IOV can provide near-native performance by allowing the VMs to use
the full capacity and functionality of the physical NIC, without any emulation or translation.
Data protection: SR-IOV can provide data protection by isolating and securing the network traffic
between the VMs and the physical NIC, without any exposure or leakage.
Question # 41
A cloud security engineer needs to design an IDS/IPS solution for a web application in a single virtual
private network. The engineer is considering implementing IPS protection for traffic coming from the
internet. Which of the following should the engineer consider to meet this requirement?
A. Configuring a web proxy server B. Implementing load balancing using SSI- in front of web applications C. Implementing IDS/IPS agents on each instance running in that virtual private network D. Implementing dynamic routing
Answer: C Explanation: An Intrusion Detection System (IDS) is a software or hardware system that monitors network traffic
for malicious activity and alerts the administrator of any potential threats. An Intrusion Prevention
System (IPS) is a software or hardware system that not only detects but also blocks or mitigates the
malicious activity. Both IDS and IPS are essential for securing a web application in a cloud
environment1. A web proxy server is a server that acts as an intermediary between the client and the web server. It
can provide caching, filtering, and authentication services, but it does not offer IDS/IPS functionality.
Therefore, option A is incorrect. Load balancing using SSI (Server Side Includes) is a technique that distributes the workload among
multiple web servers by inserting dynamic content into web pages. It can improve the performance
and availability of a web application, but it does not provide IDS/IPS protection. Therefore, option B
is incorrect. Implementing IDS/IPS agents on each instance running in that virtual private network is a valid
solution for providing IPS protection for traffic coming from the internet. The agents can monitor and
inspect the network traffic on each instance and block or report any suspicious activity to a central
management console. This can prevent attacks from reaching the web application or spreading to
other instances in the same network. Therefore, option C is correct. Implementing dynamic routing is a technique that allows routers to select the best path for
forwarding packets based on network conditions. It can enhance the reliability and efficiency of a
network, but it does not offer IDS/IPS functionality. Therefore, option D is incorrect.
Question # 42
After a few new web servers were deployed, the storage team began receiving incidents in their
queue about the web servers. The storage administrator wants to verify the incident tickets that
should have gone to the web server team. Which of the following is the MOST likely cause of the
issue?
A. Incorrect assignment group in service management B. Incorrect IP address configuration C. Incorrect syslog configuration on the web servers D. Incorrect SNMP settings
Answer: C
Explanation: Incorrect syslog configuration on the web servers is the most likely cause of the issue of storage team
receiving incidents in their queue about web servers after new web servers were deployed in a cloud
environment. Syslog is a standard protocol that allows network devices and systems to send log
messages to a centralized server or collector. Syslog can help to consolidate and manage logs from
different sources in one place, which can facilitate monitoring, analysis, troubleshooting, auditing,
etc. Incorrect syslog configuration on the web servers can cause them to send log messages to the
wrong destination or queue, such as the storage team's queue, rather than the web server team's
queue.
Question # 43
A systems administrator wants to ensure two VMs remain together on the same host. Which of the
following must be set up to enable this functionality?
A. Affinity B. Zones C. Regions D. A cluster
Answer: A
Explanation: Affinity is what must be set up to ensure two VMs remain together on the same host. Affinity is a
feature that allows customers to specify preferences or requirements for placing VMs on certain
hosts or clusters within a cloud environment. Affinity can help to improve performance, availability,
compatibility, or security of VMs by ensuring they are located on optimal hosts or clusters. Affinity
can also help to keep two VMs together on the same host by creating an affinity rule that binds them
together
Question # 44
A web consultancy group currently works in an isolated development environment. The group uses
this environment for the creation of the final solution, but also for showcasing it to customers, before
commissioning the sites in production. Recently, customers of newly commissioned sites have
reported they are not receiving the final product shown by the group, and the website is performing
in unexpected ways. Which of the following additional environments should the group adopt and
include in its process?
A. Provide each web consultant a local environment on their device. B. Require each customer to have a blue-green environment. C. Leverage a staging environment that is tightly controlled for showcasing D. Initiate a disaster recovery environment to fail to in the event of reported issues.
Answer: C Explanation: The answer is C. Leverage a staging environment that is tightly controlled for showcasing. A staging
environment is a replica of the production environment that is used for testing and demonstrating
the final product before deployment. A staging environment can help the web consultancy group
avoid the issues reported by the customers, such as mismatched expectations and unexpected
behavior, by ensuring that the product is shown in a realistic and consistent setting. A staging
environment can also help the group catch and fix any bugs or errors before they affect the live site.
Some possible sources of information about web development environments are: 7 Web Development Best Practices: This page provides some general tips and best practices for web
development, such as planning, accessibility, UX/UI, standards, code quality, compatibility, and
security. Web Development Best Practices (Building Real-World Cloud Apps with Azure): This page explains
some specific best practices for web development in the cloud environment, such as stateless web
tier, session state management, CDN caching, and async programming. Web Development Best Practices: This page lists some resources for learning web development best
practices in ASP.NET, such as async and await, building real-world cloud apps with Azure, and handson
labs.
Question # 45
A systems administrator has been asked to restore a VM from backup without changing the current
VM's operating state. Which of the following restoration methods would BEST fit this scenario?
A. Alternate location B. Rolling B. Rolling C. Storage live migration D. In-place
Answer: C
Explanation: Storage live migration is the best restoration method to restore a VM from backup without changing
the current VM's operating state. Storage live migration is a process of moving or transferring
storage resources or data from one location to another without affecting or interrupting the
operation or performance of the VMs that use them. Storage live migration can help to restore a VM
from backup by copying the backup data to a new storage location and switching the VM's storage
configuration to point to the new location, without requiring any downtime or reboot.
Question # 46
A company has entered into a business relationship with another organization and needs to provide
access to internal resources through directory services. Which of the following should a systems
administrator implement?
A. sso B. VPN C. SSH D. SAML
Answer: B Explanation: The answer is B. A VPN tunnel. A VPN tunnel is a secure and encrypted connection between two
networks over a public network, such as the Internet. A VPN tunnel can help protect data in transit
by encrypting it before it leaves the company's network and decrypting it when it reaches the public
cloud service provider. A VPN tunnel can also authenticate the endpoints and verify the integrity of the data.
Some possible sources of information about VPN tunnels are: What is a VPN Tunnel? | Fortinet: This page explains what a VPN tunnel is, how it works, and what
benefits it provides. VPN Gateway: Create a Site-to-Site connection using a VPN gateway | Microsoft Docs: This page
shows how to create a site-to-site connection using a VPN gateway in Azure. [Cloud VPN overview | Google Cloud]: This page provides an overview of Cloud VPN, a service that
creates secure and reliable VPN tunnels to Google Cloud.
Question # 47
A systems administrator needs to connect the companys network to a public cloud services provider.
Which of the following will BEST ensure encryption in transit for data transfers?
A. Identity federation B. A VPN tunnel C. A proxy solution D. A web application firewall
Answer: B Explanation: The answer is A. SAML. SAML (Security Assertion Markup Language) is a standard for exchanging
authentication and authorization data between different parties, such as a user and a service
provider. In a federated cluster, SAML can be used to enable single sign-on (SSO) for users across
multiple clusters or cloud providers. SAML relies on the exchange of XML-based assertions that
contain information about the user's identity, attributes, and entitlements. If the users"? API access
tokens have become invalid, it could be because the SAML assertions have expired, been revoked, or
corrupted. The administrator should check the SAML configuration and logs to determine the cause
of this issue. Some possible sources of information about SAML and federated clusters are: Authenticating | Kubernetes: This page provides an overview of authenticating users in Kubernetes,
including using SAML for federated identity. Authenticating to the Kubernetes API server - Google Cloud: This page explains how to authenticate
to the Kubernetes API server on Google Cloud, including using SAML for federated identity with
Google Cloud Identity Platform. Error 403 User not authorized when trying to access Azure Databricks API through Active Directory -
Stack Overflow: This page discusses a similar issue of users getting an error when trying to access
Azure Databricks API using SAML and Active Directory.
Question # 48
A cloud administrator is troubleshooting an issue regarding users at one location who are reporting
that their API access tokens have become invalid. The users are issued tokens based on their
credentials in a federated cluster. Which of the following should the administrator check to
determine the cause of this issue?
A. SAML B. DNS C. SSL D. NTP
Answer: A Explanation: The answer is A. SAML. SAML (Security Assertion Markup Language) is a standard for exchanging authentication and authorization data between different parties, such as a user and a service provider. In a
federated cluster, SAML can be used to enable single sign-on (SSO) for users across multiple clusters
or cloud providers. SAML relies on the exchange of XML-based assertions that contain information
about the user's identity, attributes, and entitlements. If the users"? API access tokens have become
invalid, it could be because the SAML assertions have expired, been revoked, or corrupted. The
administrator should check the SAML configuration and logs to determine the cause of this issue.
Some possible sources of information about SAML and federated clusters are:
Authenticating | Kubernetes: This page provides an overview of authenticating users in Kubernetes,
including using SAML for federated identity. Authenticating to the Kubernetes API server - Google Cloud: This page explains how to authenticate
to the Kubernetes API server on Google Cloud, including using SAML for federated identity with
Google Cloud Identity Platform. Error 403 User not authorized when trying to access Azure Databricks API through Active Directory -
Stack Overflow: This page discusses a similar issue of users getting an error when trying to access
Azure Databricks API using SAML and Active Directory.
Question # 49
A company is using laaS services from two different providers: one for its primary site, and the other
for a secondary site. The primary site is completely inaccessible, and the management team has
decided to run through the BCP procedures. Which of the following will provide the complete asset
information?
A. DR replication document B. DR playbook C. DR policies and procedures document D. network diagram
Answer: B Explanation: According to the CompTIA Cloud+ CV0-003 Certification Study Guide1, the answer is B. DR playbook. A DR playbook is a document that contains the detailed steps and procedures to recover from a
disaster scenario. It includes the asset information, such as the cloud resources, configurations, and
dependencies, that are needed to restore the normal operations of the business. A DR replication
document is a document that describes how the data and applications are replicated between the
primary and secondary sites. A DR policies and procedures document is a document that defines the
roles and responsibilities of the staff, the communication channels, and the objectives and scope of
the DR plan. A DR network diagram is a visual representation of the network topology and
connectivity between the primary and secondary sites.
Question # 50
A company is using a hybrid cloud environment. The private cloud is hosting the business
applications, and the cloud services are being used to replicate for availability purposes.
The cloud services are also being used to accommodate the additional resource requirements to
provide continued services. Which of the following scalability models is the company utilizing?
A. Vertical scaling B. Autoscaling C. Cloud bursting D. Horizontal scaling
Answer: C Explanation: Cloud bursting is a scalability model that allows a company to use a hybrid cloud environment to
handle peak or unpredictable workloads. Cloud bursting involves using the private cloud to host the
core or critical applications, and using the public cloud to provide additional or temporary resources
when the demand exceeds the capacity of the private cloud . Cloud bursting can help a company to: Improve the availability and reliability of the applications by replicating them across multiple cloud
platforms and locations . Optimize the performance and efficiency of the applications by dynamically allocating and releasing
resources based on the workload and traffic . Reduce the cost and complexity of the IT infrastructure by leveraging the pay-as-you-go and ondemand
models of the public cloud .
Testimonials
I would like to share my wonderful experience here with you guys because I think it can let you have the same experience with Dumps4download.com. Their CV0-003 exam pdfs made my way to success so easy that I will suggest and always prefer them for my next certification.
Dipak
Excellent dumps for the CV0-003 exam. I studied from other sites but my money got wasted. Now I got 89% marks. Thank you Dumps4download.
Ashima
Dumps4download provides updated study guides and certification exam for CV0-003. I just cleared it with an 84% score and was highly satisfied with the material.
uNYCFkfkehAq
I highly recommend the Dumps4download pdf dumps with practicing exam more. I learned in no time (only 5 days). Scored 90% marks in the CompTIA CV0-003 exam.
Rajendra
Valid and 100% authentic exam dumps for CV0-003. I studied with these and scored 87% in the CV0-003 exam. Dumps4download is amazing.