CV0-003 CompTIA Exam Lab Questions

One possible answer is:

B. VPN

A VPN (Virtual Private Network) is a technology that creates a secure and encrypted connection between a remote device and a private network over the internet. A VPN can help prevent unauthorized disclosure of financial information during the migration from a private cloud to the public cloud, as it can protect the data in transit from interception, tampering, or leakage. A VPN can also help maintain compliance with data privacy regulations, such as GDPR or PCI DSS, by ensuring that the data is only accessible by authorized parties12.

ACL (Access Control List) is a method of controlling access to resources based on user or group permissions. ACL can help enforce security policies and restrict access to sensitive data, but it does not encrypt or protect the data in transit3.

P2V (Physical to Virtual) is a process of converting a physical machine into a virtual machine. P2V can help migrate workloads from on-premises servers to cloud servers, but it does not ensure the security of the data during the migration4.

VDI (Virtual Desktop Infrastructure) is a technology that provides users with virtual desktops hosted on a centralized server. VDI can help improve the performance, availability, and manageability of desktop environments, but it does not address the security of the data during the migration5.

The first step in any incident response procedure is to contain the incident and prevent it from spreading or causing more damage. In this scenario, the systems administrator is reviewing the logs from a company’s IDS and notices a large amount of outgoing traffic from a particular server. The administrator then runs a scan on the server, which detects malware that cannot be removed. This indicates that the server is compromised and may be sending malicious or sensitive data to an external source. Therefore, the best thing to do first is to disconnect the server from the network, which will isolate it from the rest of the system and stop the data exfiltration. Determining the root cause, performing a more intrusive scan, and restoring the server from a backup are all important steps, but they should be done after the server is disconnected from the network. References: CompTIA Cloud+ CV0-003 Certification Study Guide, Chapter 10, Incident Response Procedures, page 1771.

Tags are key-value pairs that can be applied to cloud resources to organize, categorize, and filter them. Tags can also be used to assign resources to backup jobs based on their RPO requirements. The cloud engineer forgot to configure the appropriate tag for the new VM that matches the text-based variable of the backup platform. Therefore, the backup platform did not add the VM to the correct job. References: Tags and labels | Cloud Storage | Google Cloud, CompTIA Cloud+ Certification Exam Objectives, Domain 4.0: Operations and Support, Objective 4.3: Given a scenario, apply the appropriate methods for cost control in a cloud environment.

Hardened baselines are a set of security best practices that reduce the vulnerability of a system to exploits by reducing its attack surface1. They are also known as security configurations or benchmarks, and they provide a standard level of system hardening for an organization23.

Checking the hardened baselines of the servers is the first step that a cloud administrator should take to ensure compliance with the company’s security policy. This is because hardened baselines can help to:

Identify and eliminate common vulnerabilities and exposures (CVEs) that attackers can exploit1.

Remove unnecessary or unused services, accounts, software, and ports that can increase the attack surface23.

Apply appropriate settings and controls for encryption, authentication, authorization, firewall, and logging23.

Streamline audits and testing by reducing complexity and providing a reliable benchmark23.