- (Topic 2)
A cloud administrator is managing an organization's infrastructure in a public cloud. All servers are currently located in a single virtual network with a single firewall that all traffic must pass through. Per security requirements, production, QA, and development servers should not be able to communicate directly with each other. Which of the following should an administrator perform to comply with the security requirement?
Correct Answer:
A
These are the actions that the administrator should perform to comply with the security requirement of isolating production, QA, and development servers from each other in a public cloud environment:
✑ Create separate virtual networks for production, QA, and development servers: A virtual network is a logical isolation of network resources or systems within a cloud environment. Creating separate virtual networks for different types of servers can help to segregate them from each other and prevent direct communication or interference.
✑ Move the servers to the appropriate virtual network: Moving the servers to the appropriate virtual network can help to assign them to their respective roles and functions, as well as ensure that they follow the network policies and rules of their virtual network.
✑ Apply a network security group to each virtual network that denies all traffic except for the firewall: A network security group is a set of rules or policies that control and filter inbound and outbound network traffic for a virtual network or system. Applying a network security group to each virtual network that denies all traffic except for the firewall can help to enforce security and compliance by blocking any unauthorized or unwanted traffic between different types of servers, while allowing only necessary traffic through the firewall.
- (Topic 4)
An organization's executives would like to allow access to devices that meet the corporate security compliance levels. Which of the following criteria are most important for the organization to consider? (Select two).
Correct Answer:
CD
Antivirus version and definition and OS patch level are important criteria for the organization to consider when allowing access to devices that meet the corporate security compliance levels. These criteria can help ensure that the devices are protected from malware and vulnerabilities that could compromise the security of the organization’s data and systems. Serial number, firmware, CPU architecture, and manufacturer are not directly related to security compliance levels, although they may be relevant for other purposes such as inventory management or compatibility.
References: CompTIA Cloud+ CV0-003 Exam Objectives, Objective 4.2: Given a scenario, apply security configurations and compliance controls; CompTIA Quick Start Guide to Tackling Cloud Security Concerns
- (Topic 1)
A SaaS provider wants to maintain maximum availability for its service. Which of the following should be implemented to attain the maximum SLA?
Correct Answer:
B
An active-active site is a type of disaster recovery (DR) site that runs simultaneously with the primary site and handles part of the normal workload or traffic. An active-active site can help maintain maximum availability for a SaaS service, as it can provide load balancing, redundancy, and failover capabilities for the SaaS service in case of an outage or disruption at the primary site. An active-active site can also improve performance and scalability, as it can distribute the workload or traffic across multiple sites and handle increased demand or peak periods.
References: CompTIA Cloud+ Certification Exam Objectives, page 10, section 1.5
- (Topic 3)
A systems administrator wants to restrict access to a set of sensitive files to a specific group of users. Which of the following will achieve the objective?
Correct Answer:
C
The best way to restrict access to a set of sensitive files to a specific group of users is to change the file permissions and ownership of the files. File permissions and ownership are attributes that determine who can read, write, execute, or modify the files. By changing the file permissions and ownership, the systems administrator can grant or deny access to the files based on the user identity or group membership.
Reference: CompTIA Cloud+ Certification Exam Objectives, Domain 2.0 Security, Objective 2.3 Given a scenario, implement appropriate access control measures for a cloud environment.
- (Topic 2)
A disaster situation has occurred, and the entire team needs to be informed about the situation. Which of the following documents will help the administrator find the details of the relevant team members for escalation?
Correct Answer:
D
A call tree will help the administrator find the details of the relevant team members for escalation after a disaster has occurred and the entire team needs to be informed. A call tree is a document or diagram that shows the hierarchy or sequence of communication or notification among team members in case of an emergency or incident, such as a disaster. It helps the administrator find the relevant team members for escalation by providing information such as:
✑ Name: This indicates who is involved in the communication or notification process, such as team members, managers, stakeholders, etc.
✑ Role: This indicates their function or responsibility in the communication or notification process, such as initiator, receiver, sender, etc.
✑ Contact: This indicates how they can be reached or contacted in the communication or notification process, such as phone number, email address, etc.