
QUESTION 86

- (Topic 3)
Users currently access SaaS email with five-character passwords that use only letters and numbers. An administrator needs to make access more secure without changing the password policy. Which of the following will provide a more secure way of accessing email at the lowest cost?

Correct Answer: B
Enable MFA with a one-time password. MFA stands for multi-factor authentication, which is a method of verifying a user’s identity by requiring two or more forms of authentication. A one-time password (OTP) is a code that is generated randomly and valid only for a short period of time. By enabling MFA with OTP, the administrator can make access to the SaaS email more secure without changing the password policy, as users will need to provide both their password and an OTP to sign in.

QUESTION 87

- (Topic 1)
A media company has made the decision to migrate a physical, internal file server to the cloud and use a web-based interface to access and manage the files. The users must be able to use their current corporate logins.
Which of the following is the MOST efficient way to achieve this goal?

Correct Answer: B
Software as a service (SaaS) is a type of cloud service model that provides software applications over the Internet that are hosted and managed by a cloud service provider. Directory service federation is a type of authentication mechanism that allows users to access multiple systems or applications across different domains or organizations with a single login credential. Using a SaaS service with a directory service federation can help migrate an internal file server to the cloud and use a web-based interface to access and manage the files, as it can eliminate the need for maintaining an on-premises file server and enable seamless and secure access to cloud-based files using the same corporate logins. References: CompTIA Cloud+ Certification Exam Objectives, page 8, section 1.2

QUESTION 88

- (Topic 3)
A company has two primary offices, one in the United States and one in Europe. The company uses a public IaaS service that has a global data center presence to host its marketing materials. The marketing team, which is primarily based in Europe, has reported latency issues when retrieving these materials. Which of the following is the BEST option to reduce the latency issues?

Correct Answer: B
The best option to reduce the latency issues for the marketing team that is primarily based in Europe when retrieving the marketing materials that are hosted on a public IaaS service is to integrate a CDN (content delivery network) solution to distribute web content globally. A CDN is a network of geographically distributed servers that cache and deliver web content to users based on their proximity and network conditions. A CDN can improve the performance and availability of web content by reducing the distance and hops between the users and the servers, as well as offloading the traffic from the origin server. Reference: [CompTIA Cloud+ Certification Exam Objectives], Domain 3.0 Maintenance, Objective 3.4 Given a scenario, implement automation and orchestration to optimize cloud operations

QUESTION 89

- (Topic 4)
A cloud solutions architect is working on a private cloud environment in which storage consumption is increasing daily, resulting in high costs. Which of the following can the architect use to provide more space without adding more capacity? (Select two).

Correct Answer: BD
B. Deduplication and D. Compression are the two options that the architect can use to provide more space without adding more capacity. Deduplication is the process of eliminating duplicate copies of data that are stored in different locations, thus reducing the storage consumption and costs. Compression is the process of reducing the size of data by applying algorithms that remove redundant or unnecessary information, thus saving storage space and bandwidth. Both deduplication and compression can improve the efficiency and performance of cloud storage solutions.

QUESTION 90

- (Topic 4)
A cloud engineer is troubleshooting RSA key-based authentication from a local computer to a cloud-based server, which is running SSH service on a default port. The following file permissions are set on the authorized keys file:
-rw-rw-rw- 1 ubuntu ubuntu 391 Mar 5 01:36 authorized_keys
Which of the following security practices are the required actions the engineer should take to gain access to the server? (Select TWO).

Correct Answer: CD
The correct answer is C and D.
* C. Fix the file permissions with read-only access to the owner of the file.
* D. Open port 22 access for the computer’s public IP address.
The authorized_keys file on the server should have read-only access for the owner of the file, and no access for anyone else. This ensures that only the owner can read the public keys that are authorized to log in, and no one can modify or delete them. The file permissions can be fixed with the command chmod 400 ~/.ssh/authorized_keys on the server. This is a recommended security practice for SSH key-based authentication. The computer that wants to log in to the server using SSH key-based authentication needs to have access to port 22 on the server, which is the default port for SSH service. This can be done by opening port 22 access for the computer’s public IP address on the server’s firewall or security group settings. This allows the computer to initiate an SSH connection to the server and authenticate with its private key. Opening port 21, which is used for FTP service, is not relevant or secure for SSH key-based authentication.
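
The permission fix from Question 90, as an added example that is not part of the original answer key: it classifies a key file's mode, applies the chmod 400 named above, and re-checks. The function names and the temporary demo file are assumptions made for illustration; the script never touches a real ~/.ssh directory.

```shell
#!/bin/sh
# Added example: audit and repair authorized_keys permissions.
# Background (editor's note): OpenSSH with StrictModes enabled (the default)
# ignores an authorized_keys file that group or others can write to.

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Classify an octal mode string such as 666, 644 or 400.
classify_mode() {
    perms=$((0$1))                        # leading 0 = octal constant
    if [ $((perms & 022)) -ne 0 ]; then
        echo "writable-by-others"         # group/world write bit set
    elif [ $((perms & 055)) -ne 0 ]; then
        echo "accessible-by-others"       # group/world read or execute
    else
        echo "ok"                         # owner-only access
    fi
}

# Apply the fix from the explanation and report "before -> after".
harden_authorized_keys() {
    f=$1
    before=$(classify_mode "$(file_mode "$f")")
    chmod 400 "$f"
    after=$(classify_mode "$(file_mode "$f")")
    echo "$before -> $after"
}

# Demo on a constructed file with the mode shown in the question (rw-rw-rw-).
demo() {
    dir=$(mktemp -d)
    keyfile="$dir/authorized_keys"
    printf 'ssh-rsa AAAA-constructed-placeholder user@example\n' > "$keyfile"
    chmod 666 "$keyfile"
    harden_authorized_keys "$keyfile"
    rm -rf "$dir"
}

demo
```
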