Cloud+ Flashcards

1
Q

To save on licensing costs, the on-premises, IaaS-hosted databases need to be migrated to a public
DBaaS solution. Which of the following would be the BEST technique?

A. Live migration
B. Physical-to-virtual
C. Storage-level mirroring
D. Database replication

A

Database replication

2
Q

An SQL injection vulnerability was reported on a web application, and the cloud platform team needs to
mitigate the vulnerability while it is corrected by the development team.

Which of the following controls will BEST mitigate the risk of exploitation?

A. DLP
B. HIDS
C. NAC
D. WAF

A

WAF
(Web Application Firewall)

3
Q

A systems administrator is troubleshooting performance issues with a Windows VDI environment. Users
have reported that VDI performance has been slow since the images were upgraded from Windows 7 to
Windows 10.

This VDI environment is used to run simple tasks, such as Microsoft Office. The administrator investigates
the virtual machines and finds the following settings:
1. 4 vCPU
2. 16GB RAM
3. 10Gb networking
4. 256MB frame buffer

Which of the following MOST likely needs to be upgraded?
A. vRAM
B. vCPU
C. vGPU
D. vNIC

A

vGPU
(virtual graphics processing unit (vGPU))

4
Q

A systems administrator recently upgraded the processors in a web application host. Upon the next login,
the administrator sees a new alert regarding the license being out of compliance.
Which of the following licensing models is the application MOST likely using?

A. Per device
B. Per user
C. Core-based
D. Volume-based

A

Core-based

5
Q

An organization has two businesses that are developing different software products. They are using a
single cloud provider with multiple IaaS instances. The organization identifies that the tracking of costs for
each business is inaccurate.

Which of the following is the BEST method for resolving this issue?

A. Perform segregation of the VLAN and capture egress and ingress values of each network interface
B. Tag each server with a dedicated cost and sum them based on the businesses
C. Split the total monthly invoice equally between the businesses
D. Create a dedicated subscription for the businesses to manage the costs

A

Tag each server with a dedicated cost and sum them based on the businesses

6
Q

A systems administrator needs to configure SSO authentication in a hybrid cloud environment.
Which of the following is the BEST technique to use?

A. Access controls
B. Federation
C. Multifactor authentication
D. Certificate authentication

A

Federation

7
Q

A systems administrator recently deployed a VDI solution in a cloud environment; however, users are now
experiencing poor rendering performance when trying to display 3-D content on their virtual desktops,
especially at peak times.

Which of the following actions will MOST likely solve this issue?

A. Update the guest graphics drivers from the official repository
B. Add more vGPU licenses to the host
C. Instruct users to access virtual workstations only on the VLAN
D. Select vGPU profiles with higher video RAM

A

Select vGPU profiles with higher video RAM

8
Q

A systems administrator has migrated an internal application to a public cloud. The new web server is
running under a TLS connection and has the same TLS certificate as the internal application that is
deployed. However, the IT department reports that only internal users who are using new versions of the
OSs are able to load the application home page.

Which of the following is the MOST likely cause of the issue?

A. The local firewall from older OSs is not allowing outbound connections
B. The local firewall from older OSs is not allowing inbound connections
C. The cloud web server is using a self-signed certificate that is not supported by older browsers
D. The cloud web server is using strong ciphers that are not supported by older browsers

A

The cloud web server is using strong ciphers that are not supported by older browsers

9
Q

Lateral-moving malware has infected the server infrastructure. Which of the following network changes
would MOST effectively prevent lateral movement in the future?

A. Implement DNSSEC in all DNS servers
B. Segment the physical network using a VLAN
C. Implement microsegmentation on the network
D. Implement 802.1X in the network infrastructure

A

Segment the physical network using a VLAN

10
Q

A company is switching from one cloud provider to another and needs to complete the migration as quickly
as possible.

Which of the following is the MOST important consideration to ensure a seamless migration?

A. The cost of the environment
B. The I/O of the storage
C. Feature compatibility
D. Network utilization

A

Feature compatibility

11
Q

A cloud architect is designing the VPCs for a new hybrid cloud deployment. The business requires the
following:
1. High availability
2. Horizontal auto-scaling
3. 60 nodes peak capacity per region
4. Five reserved network IP addresses per subnet
5. /24 range

Which of the following would BEST meet the above requirements?

A. Create two /25 subnets in different regions
B. Create three /25 subnets in different regions
C. Create two /26 subnets in different regions
D. Create three /26 subnets in different regions
E. Create two /27 subnets in different regions
F. Create three /27 subnets in different regions

A

Create two /25 subnets in different regions

Explanation/Reference:
You need 65 IPs per region. /27 will only give you 32 and /26 will only give you 64. You need a /25 network
which will give you 128 per region. Having two regions will give you the requirement of high availability.
Yes, 3 regions is better than 2, but it doesn’t ask for the best high availability option, it just asks for high
availability which 2 regions provides.

12
Q

A company is doing a cloud-to-cloud migration to lower costs. A systems administrator has to plan the
migration accordingly.

Which of the following considerations is MOST important for a successful, future-proof, and low-cost
migration?

A. Tier pricing
B. Licensing
C. Estimated consumption
D. Feature compatibility

A

Feature compatibility

13
Q

A systems administrator would like to reduce the network delay between two servers.

Which of the following will reduce the network delay without taxing other system resources?

A. Decrease the MTU size on both servers
B. Adjust the CPU resources on both servers
C. Enable compression between the servers
D. Configure a VPN tunnel between the servers

A

Decrease the MTU size on both servers

The maximum transmission unit (MTU) is the largest size of a packet or frame that can be sent over a
network. Decreasing the MTU size on both servers can reduce the network delay between them, as it can
reduce the fragmentation and reassembly of packets, improve the transmission efficiency, and avoid
packet loss or errors. Decreasing the MTU size can also avoid taxing other system resources, as it does
not require additional CPU, memory, or disk resources. References: CompTIA Cloud+ Certification Exam
Objectives, page 16, section 3.2
Reference: https://cseweb.ucsd.edu/~calder/papers/HPDC-01-DynComp.pdf

14
Q

A company is planning to migrate applications to a public cloud, and the Chief Information Officer (CIO)
would like to know the cost per business unit for the applications in the cloud. Before the migration, which
of the following should the administrator implement FIRST to assist with reporting the cost for each
business unit?

A. An SLA report
B. Tagging
C. Quotas
D. Showback

A

Tagging

Explanation/Reference:
Tagging is what the administrator should implement first to assist with reporting the cost for each business
unit for applications in a public cloud environment. Tagging is a technique that allows customers to assign
metadata or labels to their cloud resources, such as applications, instances, volumes, etc., based on their
attributes or criteria. Tagging can help customers to organize, manage, monitor, and report their cloud
resources and costs by business unit, project, owner, environment, etc.

15
Q

An IaaS application has a two-hour RTO and a four-hour RPO. The application takes one hour to back up its data or restore from a local backup file. A systems administrator is tasked with configuring the backup policy.

Which of the following should the administrator configure to achieve the application requirements with the LEAST cost?

A. Back up to long-term storage every night
B. Back up to object storage every three hours
C. Back up to long-term storage every four hours
D. Back up to object storage every hour

A

Back up to object storage every three hours

Explanation/Reference:
Object storage is a type of storage service that stores data as objects with unique identifiers and metadata
in a flat namespace or structure. Backing up to object storage every three hours can help achieve the
application requirements with the least cost for an IaaS application that has a two-hour RTO and a four-hour
RPO, as it can provide scalable, durable, and cost-effective storage for backup data while meeting
the recovery time and point objectives. Backing up to object storage every three hours can ensure that the
backup data is no more than four hours old and can be restored within two hours in case of a disaster or
failure. References: CompTIA Cloud+ Certification Exam Objectives, page 9, section 1.4

16
Q

Which of the following will mitigate the risk of users who have access to an instance modifying the system configurations?

A. Implement whole-disk encryption
B. Deploy the latest OS patches
C. Deploy an anti-malware solution
D. Implement mandatory access control

A

Implement mandatory access control

Explanation/Reference:
Mandatory access control (MAC) is a type of access control model that enforces strict security policies
based on predefined rules and labels. MAC assigns security labels to subjects (users or processes) and
objects (files or resources) and allows access only if the subject has the appropriate clearance and
need-to-know for the object. MAC can mitigate the risk of users who have access to an instance modifying the
system configurations, as it can prevent unauthorized or accidental changes to critical files or settings by
restricting access based on predefined rules and labels. References: CompTIA Cloud+ Certification Exam
Objectives, page 14, section 2.7

17
Q

Which of the following service models would be used for a database in the cloud?

A. PaaS
B. IaaS
C. CaaS
D. SaaS

A

PaaS

Explanation/Reference:
PaaS (Platform as a Service) is a cloud service model that provides a platform for developing, testing,
deploying, and managing applications in the cloud. PaaS includes the underlying infrastructure (servers,
storage, network, etc.) as well as the middleware, databases, tools, frameworks, and APIs that are
required for application development and delivery. Examples of PaaS are AWS Elastic Beanstalk, Azure
App Service, Google App Engine, etc.

18
Q

A company has decided to get multiple compliance and security certifications for its public cloud environment. However, the company has few staff members to handle the extra workload, and it has limited knowledge of the current infrastructure.

Which of the following will help the company meet the compliance requirements as quickly as possible?

A. DLP
B. CASB
C. FIM
D. NAC

A

CASB

A cloud access security broker (CASB) is a type of security solution that acts as a gateway between cloud
service users and cloud service providers. A CASB can help a company get multiple compliance and
security certifications for its public cloud environment, as it can provide visibility, control, and protection for
cloud data and applications. A CASB can also help the company handle the extra workload and overcome
the limited knowledge of the current infrastructure, as it can automate and simplify the enforcement of
security policies and compliance requirements across multiple cloud services. References: CompTIA
Cloud+ Certification Exam Objectives, page 14, section 2.7

19
Q

A VDI administrator has received reports of poor application performance.

Which of the following should the administrator troubleshoot FIRST?

A. The network environment
B. Container resources
C. Client devices
D. Server resources

A

The network environment

The network environment is the set of network devices, connections, protocols, and configurations that
enable communication and data transfer between different systems and applications. The network
environment can affect the performance of a virtual desktop infrastructure (VDI) by influencing factors such
as bandwidth, latency, jitter, packet loss, and congestion. Poor network performance can result in slow or
unreliable application delivery, degraded user experience, and reduced productivity. Therefore,
troubleshooting the network environment should be the first step for a VDI administrator who receives
reports of poor application performance. References: CompTIA Cloud+ Certification Exam Objectives,
page 17, section 3.4

20
Q

A company is currently running a website on site. However, because of a business requirement to reduce current RTO from 12 hours to one hour, and the RPO from one day to eight hours, the company is considering operating in a hybrid environment. The website uses mostly static files and a small relational database.

Which of the following should the cloud architect implement to achieve the objective at the LOWEST cost
possible?

A. Implement a load-balanced environment in the cloud that is equivalent to the current on-premises setup and use DNS to shift the load from on premises to cloud.
B. Implement backups to cloud storage and infrastructure as code to provision the environment automatically when the on-premises site is down. Restore the data from the backups.
C. Implement a website replica in the cloud with auto-scaling using the smallest possible footprint. Use DNS to shift the load from on premises to the cloud.
D. Implement a CDN that caches all requests with a higher TTL and deploy the IaaS instances manually in case of disaster. Upload the backup on demand to the cloud to restore on the new instances.

A

Implement a website replica in the cloud with auto-scaling using the smallest possible footprint. Use DNS to shift the load from on premises to the cloud.

Explanation/Reference:
This is the best solution to achieve the objective of reducing current RTO (Recovery Time Objective) from
12 hours to one hour, and RPO (Recovery Point Objective) from one day to eight hours, at the lowest cost
possible, for a website that uses mostly static files and a small relational database. RTO is a metric that
measures how quickly a system or service can be restored after a disruption or disaster. RPO is a metric
that measures how much data can be lost or how far back in time a recovery point can be without causing
significant impact or damage. To reduce RTO and RPO, the administrator should implement a website
replica in the cloud with auto-scaling using the smallest possible footprint. A website replica is a copy or
backup of a website that can be used for recovery or failover purposes. Auto-scaling is a feature that
allows cloud resources or systems to adjust their capacity and performance according to demand or
workload. Using auto-scaling with the smallest possible footprint can minimize costs by using only the
necessary resources and scaling up or down as needed. The administrator should also use DNS (Domain
Name System) to shift the load from on premises to the cloud. DNS is a service that translates domain
names into IP addresses and vice versa. Using DNS, the administrator can redirect traffic from the on-premises
website to the cloud replica in case of a disruption or disaster, and vice versa when recovery is
complete.

21
Q

A developer is no longer able to access a public cloud API deployment, which was working ten minutes
prior.

Which of the following is MOST likely the cause?

A. API provider rate limiting
B. Invalid API token
C. Depleted network bandwidth
D. Invalid API request

A

Invalid API token

Explanation/Reference:
An API token is typically used to authenticate the client making API requests to the cloud API. If the token
becomes invalid, either because it has expired or because it has been revoked, the client will no longer be
able to access the API. This can result in the developer being unable to access the API deployment, even
if it was working previously.
API provider rate limiting, depleted network bandwidth, and invalid API request can also cause issues with
accessing an API deployment, but are less likely to be the cause if the API was working previously and
suddenly stopped. These issues are more likely to result in a slow or inconsistent response from the API,
rather than a complete inability to access it.

22
Q

A company is concerned about the security of its data repository that contains customer PII. A systems
administrator is asked to deploy a security control that will prevent the exfiltration of such data. Which of the following should the systems administrator implement?

A. DLP
B. WAF
C. FIM
D. ADC

A

DLP

Explanation/Reference:
Implementing DLP (Data Loss Prevention) is the best solution to prevent the exfiltration of customer PII
(Personally Identifiable Information) from a data repository. DLP is a security control that monitors, detects,
and blocks sensitive data from leaving or being accessed by unauthorized parties. DLP can be applied at
different levels, such as network, endpoint, storage, or cloud. DLP can help to protect customer PII from
being leaked, stolen, or compromised.
Reference: https://cloud.google.com/blog/products/identity-security/4-steps-to-stop-data-exfiltration-with-google-cloud

23
Q

Which of the following cloud services is fully managed?

A. IaaS
B. GPU in the cloud
C. IoT
D. Serverless compute
E. SaaS

A

E. SaaS

Explanation/Reference:
SaaS (Software as a Service) is a cloud service model that provides fully managed applications to the end
users. The users do not have to worry about installing, updating, or maintaining the software, as the cloud
provider handles all these tasks. Examples of SaaS are Gmail, Office 365, Salesforce, etc.

24
Q

A company recently subscribed to a SaaS collaboration service for its business users. The company also
has an on-premises collaboration solution and would like users to have a seamless experience regardless
of the collaboration solution being used.

Which of the following should the administrator implement?

A. LDAP
B. WAF
C. VDI
D. SSO

A

SSO

Explanation/Reference:
Single sign-on (SSO) is a type of authentication mechanism that allows users to access multiple systems
or applications with a single login credential. SSO can help users have a seamless experience regardless
of the collaboration solution being used, as it can eliminate the need for multiple logins and passwords for
different systems or applications. SSO can also improve user convenience, productivity, and security, as it
can simplify the login process, reduce login errors, and enhance password management.
References: CompTIA Cloud+ Certification Exam Objectives, page 14, section 2.7

25
Q

A company has a cloud infrastructure service, and the cloud architect needs to set up a DR site.

Which of the following should be configured in between the cloud environment and the DR site?

A. Failback
B. Playbook
C. Zoning
D. Replication

A

Replication

Replication is a process of copying or synchronizing data from one location to another to ensure
consistency and availability. Replication can help set up a disaster recovery (DR) site for a cloud
environment, as it can enable data backup and recovery in case of a failure or outage in the primary site.
Replication can also improve performance and reliability, as it can reduce latency and load by distributing
data across multiple sites. Replication should be configured between the cloud environment and the DR
site to ensure data protection and continuity. References: CompTIA Cloud+ Certification Exam Objectives,
page 10, section 1.5

26
Q

In an existing IaaS instance, it is required to deploy a single application that has different versions.

Which of the following should be recommended to meet this requirement?

A. Deploy using containers
B. Install a Type 2 hypervisor
C. Enable SR-IOV on the host
D. Create snapshots

A

Deploy using containers

Containers are a type of deployment technology that packages an application and its dependencies into a
lightweight and portable unit that can run on any platform or environment. Containers can help deploy a
single application that has different versions in an existing IaaS instance, as they can isolate and run
multiple versions of the same application without any conflicts or interference. Containers can also enable
faster and easier deployment, scaling, and management of cloud-based applications. References:
CompTIA Cloud+ Certification Exam Objectives, page 11, section 1.6

27
Q

A systems administrator is reviewing two CPU models for a cloud deployment. Both CPUs have the same number of cores/threads and run at the same clock speed.

Which of the following will BEST identify the CPU with more computational power?

A. Simultaneous multithreading
B. Bus speed
C. L3 cache
D. Instructions per cycle

A

Instructions per cycle

Explanation/Reference:
Instructions per cycle (IPC) is a metric that measures how many instructions a CPU can execute in one
clock cycle. IPC can help identify the CPU with more computational power when comparing two CPU
models that have the same number of cores/threads and run at the same clock speed, as it indicates the
efficiency and performance of the CPU architecture and design. A higher IPC means that the CPU can
process more instructions in less time, resulting in faster and better performance. References: CompTIA
Cloud+ Certification Exam Objectives, page 9, section 1.4
Reference: https://en.wikipedia.org/wiki/Central_processing_unit

28
Q

An organization is developing a new solution for hosting an external website. The systems administrator needs the ability to manage the OS.

Which of the following methods would be MOST suitable to achieve this objective?

A. Deploy web servers into an IaaS provider.
B. Implement a cloud-based VDI solution.
C. Provision web servers in a container environment.
D. Use PaaS components in the cloud to implement the product.

A

Deploy web servers into an IaaS provider.

Explanation/Reference:
Deploying web servers into an IaaS (Infrastructure as a Service) provider is the most suitable method to
achieve the objective of hosting an external website and managing the OS. IaaS is a cloud service model
that provides basic computing resources such as servers, storage, network, etc., to the customers. The
customers have full control and flexibility over these resources and can install and configure any software
they need on them. IaaS is suitable for hosting web servers and managing the OS, as it allows the
customers to choose their preferred OS, web server software, settings, etc., and customize them
according to their needs.

29
Q

A cloud administrator is designing a multiregion network within an IaaS provider. The business requirements for configuring the network are as follows:

  1. Use private networking in and between the multisites for data replication.
  2. Use low latency to avoid performance issues.

Which of the following solutions should the network administrator use within the IaaS provider to connect
multiregions?

A. Peering
B. Gateways
C. VPN
D. Hub and spoke

A

Peering

Explanation/Reference:
Peering is a type of network connection that allows two or more networks to exchange traffic directly
without using an intermediary or a third-party service. Peering can help connect multiregions within an IaaS
provider, as it can enable private networking in and between the multisites for data replication. Peering can
also provide low latency, as it can reduce the number of hops and distance between the networks. Peering
is the best solution for designing a multiregion network within an IaaS provider to support business
requirements. References: CompTIA Cloud+ Certification Exam Objectives, page 15, section 2.8

30
Q

A company that utilizes an IaaS service provider has contracted with a vendor to perform a penetration test
on its environment. The vendor is able to exploit the virtualization layer and obtain access to other instances within the cloud provider’s environment that do not belong to the company.

Which of the following BEST describes this attack?

A. VM escape
B. Directory traversal
C. Buffer overflow
D. Heap spraying

A

VM escape

Explanation/Reference:
VM escape is a type of attack that allows an attacker to break out of a virtual machine (VM) and access the
host system or other VMs within the same cloud provider’s environment. VM escape can exploit the
vulnerabilities in the virtualization layer or hypervisor that separates and isolates the VMs from each other
and from the host system. VM escape can result in serious consequences, such as compromising the
security and privacy of other customers’ data or resources, gaining unauthorized access to the cloud
provider’s infrastructure or services, or launching further attacks on other systems or networks. VM escape
best describes the attack that was performed by a vendor who was able to exploit the virtualization layer
and obtain access to other instances within the cloud provider’s environment that do not belong to the
company. References: CompTIA Cloud+ Certification Exam Objectives, page 19, section 4.1
Reference: https://whatis.techtarget.com/definition/virtual-machine-escape

31
Q

A cloud administrator is reviewing the authentication and authorization mechanism implemented within the cloud environment. Upon review, the administrator discovers the sales group is part of the finance group, and the sales team members can access the financial application. Single sign-on is also implemented, which makes access much easier.

Which of the following access control rules should be changed?

A. Discretionary-based
B. Attribute-based
C. Mandatory-based
D. Role-based

A

Role-based

Explanation/Reference:
Role-based access control (RBAC) is a type of access control model that assigns permissions and
privileges to users based on their roles or functions within an organization or system. RBAC can help
simplify and streamline the management and enforcement of access policies, as it can reduce the
complexity and redundancy of assigning permissions to individual users or groups. RBAC can also help
improve security and compliance, as it can limit or grant access based on the principle of least privilege
and the separation of duties. RBAC is the best access control rule to change when the sales group is part
of the finance group and the sales team members can access the financial application due to a single sign-on
mechanism being implem
Reference: https://www.ekransystem.com/en/blog/rbac-vs-abac

32
Q

An organization has the following requirements that need to be met when implementing cloud services:

  1. SSO to cloud infrastructure
  2. On-premises directory service
  3. RBAC for IT staff

Which of the following cloud models would meet these requirements?

A. Public
B. Community
C. Hybrid
D. Multitenant

A

Hybrid

Explanation/Reference:
A hybrid cloud is a type of cloud deployment model that combines two or more different types of clouds,
such as public, private, or community clouds, into a single integrated environment. A hybrid cloud can meet
the requirements for implementing cloud services with SSO to cloud infrastructure, on-premises directory
service, and RBAC for IT staff, as it can provide flexibility, scalability, and security for cloud-based and on-premises
resources. A hybrid cloud can also enable seamless and secure access to cloud infrastructure
using SSO with directory service federation, as well as granular and consistent control over IT staff
permissions using RBAC across different cloud environments. References: CompTIA Cloud+ Certification
Exam Objectives, page 8, section 1.2

33
Q

An organization purchased new servers with GPUs for render farms. The servers have limited CPU resources.

Which of the following GPU configurations will be the MOST optimal for virtualizing this environment?

A. Dedicated
B. Shared
C. Passthrough
D. vGPU

A

Passthrough

Explanation/Reference:
Passthrough is a type of GPU configuration that allows a VM to directly access a physical GPU on the host
system without any virtualization layer or sharing mechanism. Passthrough can provide optimal
performance and compatibility for GPU-intensive applications, such as rendering or gaming, as it
eliminates any overhead or contention caused by virtualization or sharing. Passthrough is also suitable for
servers with limited CPU resources, as it reduces the CPU load and offloads the graphics processing to
the GPU. Passthrough is the most optimal GPU configuration for virtualizing a new server with GPUs for
render farms. References: CompTIA Cloud+ Certification Exam Objectives, page 11, section 1.6

34
Q

After accidentally uploading a password for an IAM user in plain text, which of the following should a cloud
administrator do FIRST? (Choose two.)
A. Identify the resources that are accessible to the affected IAM user
B. Remove the published plain-text password
C. Notify users that a data breach has occurred
D. Change the affected IAM user’s password
E. Delete the affected IAM user

A

B. Remove the published plain-text password
D. Change the affected IAM user’s password

Explanation/Reference:
The first step a cloud administrator should take after accidentally uploading a password for an IAM user in
plain text is to remove the published plain-text password. This should be done immediately to prevent
unauthorized access to the affected user’s resources. The administrator should then change the password
for the affected IAM user to a new, strong password. This will ensure that the user’s resources are secure
and that there is no unauthorized access.
A. Identifying the resources that are accessible to the affected IAM user is important, but it should not be
done before removing the plain-text password and changing the password for the affected user. This step
can be taken after the immediate security concerns have been addressed.
C. While it is important to notify users of a data breach, this step is not necessary in this situation as the
password was accidentally uploaded and there is no evidence that any unauthorized access has occurred.
However, the cloud administrator should review their security protocols to ensure that similar incidents do
not occur in the future.
E. Deleting the affected IAM user is not necessary in this situation, as the user’s resources can be secured
by changing the password. Deleting the user may cause unnecessary disruption to the user’s workflow and
could result in the loss of important data.
In summary, the first step a cloud administrator should take after accidentally uploading a password for an
IAM user in plain text is to remove the published plain-text password, followed by changing the password
for the affected user.

35
Q

Due to a policy change, a few of a customer’s application VMs have been migrated to synchronously replicated storage. The customer now reports that performance is lower. The systems administrator checks the resource usage and discovers CPU utilization is at 60% and available memory is at 30%.

Which of the following is the MOST likely cause?

A. There is not enough vCPU assigned
B. The application is not compatible with the new settings
C. The new configuration is adding latency
D. The memory of the VM is underallocated

A

The new configuration is adding latency

Explanation/Reference:
Latency is the delay or time taken for data to travel from one point to another in a network or system.
Latency can affect the performance of applications and processes that depend on fast and reliable data
transfer. Synchronous replication is a method of data replication that ensures that data is written to two or
more storage devices at the same time, providing high availability and consistency. However, synchronous
replication can also introduce latency, as the write operation has to wait for the confirmation from all the
replicated devices before completing. The new configuration of migrating some application VMs to
synchronously replicated storage is most likely adding latency, which can lower the performance of the
applications. References: CompTIA Cloud+ Certification Exam Objectives, page 10, section 1.5

36
Q

After a hardware upgrade on a private cloud system, the systems administrator notices a considerable drop in network performance. Which of the following is MOST likely the cause?

A. The driver
B. The memory
C. The cluster placement
D. The CPU

A

The driver

Explanation/Reference:
The driver is the most likely cause of the drop in network performance after a hardware upgrade on a
private cloud system. A driver is a software component that enables communication and interaction
between hardware devices and operating systems or applications. A driver may need to be updated or
reinstalled after a hardware upgrade to ensure compatibility and functionality. If the driver is outdated,
missing, or corrupted, it may affect the network performance of the system.

37
Q

A company has an in-house-developed application. The administrator wants to utilize cloud services for
additional peak usage workloads. The application has a very unique stack of dependencies.

Which of the following cloud service subscription types would BEST meet these requirements?

A. PaaS
B. SaaS
C. DBaaS
D. IaaS

A

IaaS

Explanation/Reference:
IaaS (Infrastructure as a Service) is a cloud service model that provides basic computing resources such
as servers, storage, network, etc., to the customers. The customers have full control and flexibility over
these resources and can install and configure any software they need on them. IaaS is suitable for
applications that have a unique stack of dependencies that may not be supported by other cloud service
models.

38
Q

A company wants to check its infrastructure and application for security issues regularly. Which of the following should the company implement?

A. Performance testing
B. Penetration testing
C. Vulnerability testing
D. Regression testing

A

Vulnerability testing

Explanation/Reference:
Vulnerability testing is a type of testing that identifies and evaluates the weaknesses or flaws in a system
or application that could be exploited by attackers. Vulnerability testing can help check the infrastructure
and application for security issues regularly, as it can reveal the potential risks and exposures that may
compromise the confidentiality, integrity, or availability of the system or application. Vulnerability testing
can also help remediate or mitigate the vulnerabilities by providing recommendations or solutions to fix or
reduce them. References: CompTIA Cloud+ Certification Exam Objectives, page 19, section 4.1
Reference: https://pure.security/services/technical-assurance/external-penetration-testing/

39
Q

A systems administrator needs to convert ten physical servers to virtual.

Which of the following would be the MOST efficient conversion method for the administrator to use?

A. Rebuild the servers from scratch
B. Use the vendor’s conversion tool
C. Clone the hard drive
D. Restore from backup

A

Use the vendor’s conversion tool

Explanation/Reference:
A vendor’s conversion tool is a type of software or utility that automates and simplifies the process of
converting physical servers to virtual machines by capturing the configuration and data of the physical
servers and creating virtual disks and files for the virtual machines. Using the vendor’s conversion tool can
be the most efficient conversion method for a systems administrator to use to convert ten physical servers
to virtual, as it can save time and effort by avoiding manual steps or errors involved in rebuilding, cloning,
or restoring the physical servers to virtual machines. Using the vendor’s conversion tool can also ensure
compatibility and consistency, as it can match the hardware and software requirements and settings of the
physical servers to the virtual machines. References: CompTIA Cloud+ Certification Exam Objectives,
page 10, section 1.5

40
Q

An OS administrator is reporting slow storage throughput on a few VMs in a private IaaS cloud. Performance graphs on the host show no increase in CPU or memory. However, performance graphs on the storage show a decrease of throughput in both IOPS and MBps but not much increase in latency. There is no increase in workload, and latency is stable on the NFS storage arrays that are used by those VMs.

Which of the following should be verified NEXT?

A. Application
B. SAN
C. VM GPU settings
D. Network

A

Network

Explanation/Reference:
The network is the set of devices, connections, protocols, and configurations that enable communication
and data transfer between different systems and applications. The network can affect the performance of
storage throughput by influencing factors such as bandwidth, latency, jitter, packet loss, and congestion.
Poor network performance can result in low storage throughput in both IOPS and MBps, as it can limit the
amount and speed of data that can be sent or received by the storage devices. Verifying the network
should be the next step for troubleshooting the issue of slow storage throughput on a few VMs in a private
IaaS cloud, as it can help identify and resolve any network-related problems that may be causing the issue.
References: CompTIA Cloud+ Certification Exam Objectives, page 17, section 3.4

41
Q

A cloud administrator needs to implement a mechanism to monitor the expense of the company’s cloud
resources.

Which of the following is the BEST option to execute this task with minimal effort?

A. Ask the cloud provider to send a daily expense report
B. Set custom notifications for exceeding budget thresholds
C. Use the API to collect expense information from cloud resources
D. Implement a financial tool to monitor cloud resource expenses

A

Set custom notifications for exceeding budget thresholds

Explanation/Reference:
Setting custom notifications for exceeding budget thresholds is the best option to execute the task of
monitoring the expense of the company’s cloud resources with minimal effort, as it can automate and
simplify the process of tracking and alerting the cloud administrator about any overspending or wastage of
cloud resources. Setting custom notifications can also help optimize the cost and performance of cloud
resources, as it can enable timely and proactive actions to adjust or optimize the resource allocation or
consumption based on the budget limits. References: CompTIA Cloud+ Certification Exam Objectives,
page 13, section 2.5

42
Q

A systems administrator is troubleshooting performance issues with a Windows VDI environment. Users have reported that VDI performance is very slow at the start of the work day, but the performance is fine during the rest of the day.

Which of the following is the MOST likely cause of the issue?

A. Disk I/O limits
B. Affinity rule
C. CPU oversubscription
D. RAM usage

A

CPU oversubscription

43
Q

A cloud administrator is switching hosting companies and using the same script that was previously used
to deploy VMs in the new cloud. The script is returning errors that the command was not found.

Which of the following is the MOST likely cause of the script failure?

A. Account mismatches
B. IP address changes
C. API version incompatibility
D. Server name changes

A

API version incompatibility

Explanation/Reference:
An application programming interface (API) is a set of rules or protocols that defines how different systems
or applications can communicate or interact with each other. An API version is a specific iteration or
release of an API that may have different features or functionalities than previous or subsequent versions.
API version incompatibility is the most likely cause of the script failure when switching hosting companies
and using the same script that was previously used to deploy VMs in the new cloud, as it can result in
errors or failures when trying to execute commands or functions that are not supported or recognized by
the new cloud provider’s API version. The issue can be resolved by updating or modifying the script to
match the new cloud provider’s API version. References: CompTIA Cloud+ Certification Exam Objectives,
page 13, section 2.5

44
Q

A web server has been deployed in a public IaaS provider and has been assigned the public IP address of 72.135.10.100. Users are now reporting that when they browse to the website, they receive a message indicating the service is unavailable. The cloud administrator logs into the server, runs a netstat command, and notices the following relevant output:

Which of the following actions should the cloud administrator take to resolve the issue?
A. Assign a new IP address of 192.168.100.10 to the web server
B. Modify the firewall on 72.135.10.100 to allow only UDP
C. Configure the WAF to filter requests from 17.3.130.3
D. Update the gateway on the web server to use 72.135.10.1

A