A cloud architect is preparing environments to develop a new application that will process sensitive data. The project team consists of one internal developer, two external consultants, and three testers. Which of the following is the most important security control for the cloud architect to consider implementing?

1. A. Setting up private development, public development, and testing environments
2. B. Segregating environments for internal and external teams
3. C. Configuring DDoS protection to mitigate the risk of downtime
4. D. Using IAM and ACL in order to bolster DLP

Correct Answer: D
In a project handling sensitive data with a mix of internal and external team members, implementing Identity and Access Management (IAM) and Access Control Lists (ACL) is crucial for Data Loss Prevention (DLP). These controls ensure that only authorized individuals have access to specific resources, and actions are governed according to the principle of least privilege, minimizing the risk of data leakage or unauthorized access.

A cloud administrator needs to distribute workloads across remote data centers for redundancy reasons. Which of the following deployment strategies would eliminate downtime, accelerate deployment, and remain cost efficient?

1. A. In-place
2. B. Rolling
3. C. Blue-green
4. D. Canary

Correct Answer: C
Blue-green deployment is the strategy that can eliminate downtime, accelerate deployment, and remain cost-efficient. It involves running two identical production environments, only one of which is live at any given time (blue or green). When it's time to deploy, the new version is released to the inactive environment (green), which is then thoroughly tested. Once ready, the traffic is switched over, making the green environment live.References: Deployment strategies and their impact on operations are a significant topic within the CompTIA Cloud+ examination objectives.

A DevOps engineer is performing maintenance on the mail servers for a company's web application. Part of this maintenance includes checking core operating system updates. The servers are currently running version 3.2 of the operating system. The engineer has two update options—one to version 4.1 and the other to version 3.7. Both versions are fully supported by the operating system manufacturer. Which of the following best describes the action the engineer should take?

1. A. Upgrade to 3.7 in the development environment.
2. B. Upgrade to 4.1 on one production server at a time.
3. C. Read the release notes on version 4.1.
4. D. Schedule a maintenance window and upgrade to 3.7 in the production environment.

Correct Answer: A
Before making any updates to the production environment, the best course of action is to perform the update in a development or testing environment. Upgrading to version 3.7, which is a minor update, is generally less risky and should be tested first to ensure compatibility and stability before considering the major update to version 4.1.References: The process of updating and maintaining servers, including the validation ofupdates in a non-production environment, is part of the technical operations management covered in CompTIA Cloud+.

A company wants to combine solutions in a central and scalable environment to achieve the following goals:
• Control
• Visibility
• Automation
• Cost efficiency
Which of the following best describes what the company should implement?

1. A. Batch processing
2. B. Workload orchestration
3. C. Containerization
4. D. Application modernization

Correct Answer: B
Workload orchestration is the best description of what the company should implement to achieve control, visibility, automation, and cost efficiency. It involves using orchestration tools to manage workloads in cloud environments, ensuring resources are used efficiently and operations are automated.References: Workload orchestration is a part of cloud management strategies discussed under the Management and Technical Operations domain in the CompTIA Cloud+ objectives.

A cloud engineer wants to implement a monitoring solution to detect cryptojacking and other cryptomining malware on cloud instances. Which of the following metrics would most likely be used to identify the activity?

1. A. Disk I/O
2. B. Network packets
3. C. Average memory utilization
4. D. Percent of CPU utilization

Correct Answer: D
To detect cryptojacking and other cryptomining malware on cloud instances, monitoring the percent of CPU utilization is most effective. Cryptomining malware typically consumes a significant amount of CPU resources for mining operations, leading to unusually high CPU usage. Monitoring and analyzing CPU utilization metrics can help identify instances of cryptojacking by highlighting abnormal levels of resource consumption.References: Understanding management and technical operations in cloud environments, as outlined in the CompTIA Cloud+ objectives, includes the use of monitoring solutions to detect and respond to security threats like cryptomining malware, ensuring the integrity and performance of cloud resources.