- (Topic 1)
An organization requires the following to be achieved between the finance and marketing departments:
✑ Allow HTTPS/HTTP.
✑ Disable FTP and SMB traffic.
Which of the following is the MOST suitable method to meet the requirements?

1. A. Implement an ADC solution to load balance the VLAN traffic
2. B. Configure an ACL between the VLANs
3. C. Implement 802.1X in these VLANs
4. D. Configure on-demand routing between the VLANs

Correct Answer: B
An access control list (ACL) is a set of rules that defines which traffic is allowed or denied between different network segments or devices. An ACL can be used to filter traffic based on various criteria, such as source and destination addresses, ports, protocols, and applications. Configuring an ACL between the VLANs of the finance and marketing departments is the most suitable method to meet the requirements of allowing HTTPS/HTTP and disabling FTP and SMB traffic. An ACL can specify which ports and protocols are permitted or blocked between the VLANs, such as allowing port 80 (HTTP) and port 443 (HTTPS), and denying port 21 (FTP) and port 445 (SMB). References: [CompTIA Cloud+ Certification Exam Objectives], page 15, section 2.8

- (Topic 1)
A systems administrator is creating a playbook to run tasks against a server on a set schedule.
Which of the following authentication techniques should the systems administrator use within the playbook?

1. A. Use the server’s root credentials
2. B. Hard-code the password within the playbook
3. C. Create a service account on the server
4. D. Use the administrator’s SSO credentials

Correct Answer: C
A service account is a type of user account that is created for a specific service or application to run on a server or system. Creating a service account on the server is the best authentication technique to use within the playbook to run tasks against the server on a set schedule, as it can provide secure and consistent access to the server without exposing or hard-coding any sensitive credentials within the playbook. Creating a service account can also help manage and monitor the tasks and activities performed by the service or application on the server. References: CompTIA Cloud+ Certification Exam Objectives, page 14, section 2.7

- (Topic 4)
A VDI provider suspects users are installing prohibited software on the instances. Which of the following must be implemented to prevent the issue?

1. A. Log monitoring
2. B. Patch management
3. C. Vulnerability scanning
4. D. System hardening

Correct Answer: D
System hardening is the process of securing a system by reducing its attack surface and eliminating unnecessary services, features, or functions. System hardening can help prevent users from installing prohibited software on the VDI instances by applying policies and restrictions that limit the user privileges and access rights. For example, system hardening can disable the installation of software from unknown sources, enforce the use of strong passwords, enable encryption, and remove default accounts. System hardening can also improve the performance and stability of the VDI instances by removing
unwanted or unused components. References: [CompTIA Cloud+ CV0-003 Certification Study Guide], Chapter 9, Objective 9.1: Given a scenario, apply security controls and techniques.

- (Topic 4)
A cloud engineer is responsible for a legacy web application that runs on an on-premises VM environment. The VM environment is approaching end of life. The engineer needs to migrate the web application to the cloud as quickly as possible because the VM environment has the following limitations:
• The VM environment has a single IOGB disk.
• The VM environment still uses 10Mbps, which leaves a 100Mbps WAN connection underutilized.
• No installation media is available.
Which of the following is the best way to migrate the web application to the cloud?

1. A. Use the VM import connector to import the VM into the cloud.
2. B. Use import/export to import the VM as a snapshot and attach it to a cloud instance.
3. C. Use REST APIs to import an image of the VM into the cloud.
4. D. Use object storage to create a backup of the VM and restore data into the cloud instance.

Correct Answer: A
A VM import connector is a tool that allows you to import virtual machines from your on-premises environment into the cloud using a graphical user interface. This is the fastest and easiest way to migrate a legacy web application without requiring installation media or changing the configuration of the VM. The VM import connector can also handle the disk size and network bandwidth limitations of the on-premises VM environment. References: EC2 VM Import Connector | AWS News Blog, Import a VMware Virtual Machine to Oracle Cloud Infrastructure, CompTIA Cloud+ Certification Exam Objectives, Domain 2.0: Deployment, Objective 2.1: Given a scenario, execute and implement solutions using appropriate cloud migration tools and methods.

- (Topic 2)
A systems administrator is about to deploy a new VM to a cloud environment. Which of the following will the administrator MOST likely use to select an address for the VM?

1. A. CDN
2. B. DNS
3. C. NTP
4. D. IPAM

Correct Answer: D
IPAM (IP Address Management) is what the administrator will most likely use to select an address for the new VM that is about to be deployed to a cloud environment. IPAM is a tool or service that allows customers to plan, track, and manage the IP addresses and DNS names of their cloud resources or systems. IPAM can help to select an address for the new VM by providing information such as available IP addresses, IP address ranges, subnets, domains, etc., as well as ensuring that the address is unique and valid.