An organization's security policy states that software applications should not exchange sensitive data in cleartext. The security analyst is concerned about a software application that uses Base64 to encode credit card data. Which of the following would be the best algorithm to replace Base64?
Correct Answer:
B
AES (Advanced Encryption Standard) is the best algorithm to replace Base64 for secure data exchange. Base64 is an encoding method that is not secure by itself, as it's easily reversible. AES, on the other hand, is a widely used encryption standard that ensures data is protected and is not readable without the correct encryption key.References: Encryption standards and practices, including the use of AES for securing data, are essential knowledge in cloud security covered in CompTIA Cloud+.
Which of the following cloud-native architecture designs is the most easily maintained, decentralized, and decoupled?
Correct Answer:
D
Microservices architecture is a design approach to build a single application as a suite of small services, each running in its own process and communicating with lightweight mechanisms, often an HTTP resource API. This design is decentralized and each service is fully decoupled, allowing for easier maintenance and scaling. Each microservice is built around a specific business capability and can be deployed independently, unlike monolithic architectures that are typically centralized and less flexible. References: CompTIA Cloud+ Study Guide (Exam CV0-004) - Chapter on Designing a Cloud Environment
An organization needs to retain its data for compliance reasons but only when required. Which of the following would be the most cost-effective type of tiered storage?
Correct Answer:
C
Archive storage is the most cost-effective type of tiered storage for retaining data that is infrequently accessed and only when required for compliance reasons. It is designed for long-term storage and offers lower storage costs compared to hot, cold, or warm storage tiers.References: Understanding data storage and the various tiers, including archival storage, is part of cloud storage strategies covered in the CompTIA Cloud+ certification.
Which of the following service options would provide the best availability for critical applications in the event of a disaster?
Correct Answer:
C
Availability zones provide the best availability for critical applications in the event of a disaster. They are distinct locations within a cloud region that are engineered to be isolated from failures in other availability zones, thus providing redundancy and failover capabilities, which is essential for maintaining high availability of critical applications.References: The concept of availability zones and their importance in disaster recovery and high availability is covered under the domain of Management and Technical Operations in the CompTIA Cloud+ objectives.
A customer relationship management application, which is hosted in a public cloud laaS network, is vulnerable to a remote command execution vulnerability. Which of the following is the best solution for the security engineer to implement to prevent the application from being exploited by basic attacks?
Correct Answer:
D
A Web Application Firewall (WAF) is the best solution to implement for a public cloud IaaS hosted customer relationship management application vulnerable to remote command execution attacks. WAFs are designed to monitor, filter, and block malicious HTTP/S traffic to and from a web application to protect against various application layer attacks, including remote command execution. References: CompTIA Cloud+ Study Guide (Exam CV0-004) - Chapter on Security in the Cloud