September/2023 Latest Braindump2go CV0-003 Exam Dumps with PDF and VCE Free Updated Today! Following are some new Braindump2go CV0-003 Real Exam Questions!
QUESTION 737
A company would like to migrate its current on-premises workloads to the public cloud. The current platform requires at least 80 instances running at all times to work properly. The company wants the workload to be highly available, even if the cloud provider loses one region due to a catastrophe, and the costs to be kept to a minimum. Which of the following strategies should the company implement?
A. Create /25 subnets in two regions and run 80 instances on each one.
B. Create /26 subnets in two regions and run 40 instances on each one.
C. Create /26 subnets in three regions and run 40 instances on each one.
D. Create /26 subnets in three regions and run 80 instances on each one.
Answer: C
Explanation:
This strategy will create three /26 subnets, each with a capacity of 64 instances. By running 40 instances on each subnet, the company will be able to maintain a minimum of 80 instances running at all times, even if one region is unavailable. This will ensure that the workload is highly available, even in the event of a catastrophe.
QUESTION 738
A web application has been configured to use auto-scaling for provisioning and deprovisioning more VMs according to the workload. The systems administrator deployed a new Cl/CD tool to automate new releases of the web application. During the night, a script was deployed and configured to be executed by the VMs during bootstrapping. Now, the auto-scaling configuration is creating a new VM every five minutes. Which of the following actions will MOST likely resolve the issue?
A. Reducing the maximum threshold in the auto-scaling configuration
B. Debugging the script and redeploying it
C. Changing the automation tool because it is incompatible
D. Modifying the script to shut down the VM after five minutes
Answer: B
Explanation:
The most likely cause of the issue is the script that is being executed by the VMs during bootstrapping. The script is probably creating a new VM every five minutes.
To resolve the issue, you should debug the script and redeploy it. This will ensure that the script is not creating new VMs every five minutes.
QUESTION 739
A systems administrator is troubleshooting an application that is configured to auto-scale with a minimum of two nodes and a maximum of four. The application will scale out if the CPU utilization of one of the nodes exceeds 80% for more than five minutes and will scale in if the CPU utilization of one of the nodes drops under 20% for more than ten minutes. There is a reverse proxy in front of the application. The systems administrator notices two of the nodes are often running over 80% for a long period of time, which is triggering the creation of the other two nodes; however, they are being created and terminated while the load in the first two remains over 50% all the time. Which of the following should the administrator configure to fix this issue?
A. Disable DNS caching in the reverse proxy.
B. Reduce the minimum node count to one.
C. Disable TLS tickets.
D. Reduce the scale-out rule to 50%.
E. Increase the scale-in rule to 50%.
Answer: E
Explanation:
The current scale-in rule is set to 20%, which means that a node will only be scaled in if the CPU utilization drops below 20%. The administrator should increase this value to 50%, which will mean that a node will be scaled in if the CPU utilization drops below 50%. This will prevent the nodes from being created and terminated so frequently.
QUESTION 740
Over the last couple of years, the growth of a company has required a more complex DNS and DHCP environment. Which of the following should a systems administration team implement as an appropriate solution to simplify management?
A. IPAM
B. DoH
C. VLAN
D. SDN
Answer: A
Explanation:
IPAM stands for IP address management. It is a system that helps to manage IP addresses in a network. IPAM can help to simplify the management of DNS and DHCP by providing a central repository for IP address information. This can help to reduce errors and improve efficiency.
QUESTION 741
A financial industry services firm was the victim of an internal data breach, and the perpetrator was a member of the company’s development team. During the investigation. one of the security administrators accidentally deleted the perpetrator’s user data. Even though the data is recoverable, which of the following has been violated?
A. Chain of custody
B. Evidence acquisition
C. Containment
D. Root cause analysis
Answer: A
Explanation:
The chain of custody refers to the process of maintaining a record of the location, custody, and control of electronic evidence from the time it is collected to the time it is presented in court. In the given scenario, the security administrator accidentally deleted the perpetrator’s user data during the investigation, which violates the chain of custody. By deleting the data, the administrator has altered the original evidence, which can affect the outcome of the investigation and any legal proceedings that may follow.
QUESTION 742
A cloud administrator is monitoring a database system and notices an unusual increase in the read operations, which is causing a heavy load in the system. The system is using a relational database and is running in a VM. Which of the following should the administrator do to resolve the issue with minimal architectural changes?
A. Migrate the relational database to a NoSQL database
B. Use a cache system to store reading operations
C. Create a secondary standby database instance
D. Implement the database system using a DBaaS
Answer: B
Explanation:
A cache system is a temporary storage that stores frequently accessed data. This can help to improve the performance of the database system by reducing the number of times the database needs to be accessed.
QUESTION 743
A financial services company is considering its options for moving its infrastructure to the cloud. The company runs its critical database on a proprietary legacy mainframe, which cannot be hosted anywhere but in the data center. However, the company would like to migrate portions of the infrastructure to an external provider. Which of the following cloud deployment models would be the BEST option?
A. Private
B. Public
C. Community
D. Hybrid
Answer: D
Explanation:
A hybrid cloud is a combination of a public cloud and a private cloud. This allows the company to keep its critical database in the data center while migrating other workloads to the public cloud.
QUESTION 744
A storage administrator is reviewing the storage consumption of a SAN appliance that is running a VDI environment. Which of the following features should the administrator implement to BEST reduce the storage consumption of the SAN?
A. Deduplication
B. Thick provisioning
C. Compression
D. SDS
Answer: A
Explanation:
Deduplication is a technique that removes duplicate copies of data. This can help to significantly reduce the amount of storage space that is required.
QUESTION 745
A company is deploying a public cloud solution for an existing application using lift and shift. The requirements for the applications are scalability and external access. Which of the following should the company implement? (Choose two.)
A. A load balancer
B. SDN
C. A firewall
D. SR-IOV
E. Storage replication
F. A VPN
Answer: AC
Explanation:
The company should implement a load balancer and a firewall to meet the scalability and external access requirements for the application.
A load balancer distributes traffic across multiple servers, which can help to improve the scalability of the application. A firewall controls access to the application, which can help to protect it from unauthorized access.
QUESTION 746
A systems administrator is concerned about having two virtual database servers on the same host. Which of the following should be configured?
A. Regions
B. Anti-affinity
C. Oversubscription
D. Container
Answer: B
Explanation:
Anti-affinity is a policy that prevents two or more virtual machines from being placed on the same host. This is useful for ensuring that critical applications are not hosted on the same host, which could lead to downtime if the host fails.
QUESTION 747
A systems administrator has verified that a physical switchport that is connected to a virtualization host is using all available bandwidth. Which of the following would BEST address this issue?
A. Port mirroring
B. Link aggregation
C. Spanning tree
D. Microsegmentation
Answer: D
Explanation:
Using the orchestrator’s secret manager (e.g., Kubernetes Secrets, Docker Swarm Secrets) is the most secure way to store sensitive information such as credentials for a containerized application. This method ensures that secrets are stored securely, encrypted at rest, and can be accessed only by authorized containers. Additionally, it simplifies the management of credentials, as they are centrally managed and can be updated without modifying the container image or the application code.
QUESTION 748
A piece of software applies licensing fees on a socket-based model. Which of the following is the MOST important consideration when attempting to calculate the licensing costs for this software?
A. The amount of memory in the server
B. The number of CPUs in the server
C. The type of cloud in which the software is deployed
D. The number of customers who will be using the software
Answer: B
Explanation:
A socket-based licensing model means that the software is licensed per CPU socket. So, the most important consideration when calculating the licensing costs is the number of CPUs in the server.
QUESTION 749
A cloud administrator is evaluating a solution that will limit access to authorized individuals. The solution also needs to ensure the system that connects to the environment meets patching, antivirus and configuration requirements. Which of the following technologies would BEST meet these requirements?
A. NAC
B. EDR
C. IDS
D. HIPS
Answer: B
Explanation:
NAC (Network Access Control) is a solution in which you define conditions that need to be fulfilled for device to access the network. Those conditions could be OS, OS version, Antivirus.
QUESTION 750
A security team is conducting an audit of the security group configurations for the Linux servers that are hosted in a public IaaS The team identifies the following rule as a potential issue:
A cloud administrator, who is working remotely, logs in to the cloud management console and modifies the rule to set the source to “My IP.” Shortly after deploying the rule, an internal developer receives the following error message when attempting to log in to the server using SSH: Network error: Connection timed out. However, the administrator is able to connect successfully to the same server using SSH. Which of the following is the BEST option for both the developer and the administrator to access the server from their locations?
A. Modify the outbound rule to allow the company’s external IP address as a source
B. Add an inbound rule to use the IP address for the company’s main office as a source
C. Modify the inbound rule to allow the company’s external IP address as a source
D. Delete the inbound rule to allow the company’s external IP address as a source
Answer: C
Explanation:
The SSH server needs an inbound rule to be accessed, not outbound (A). Agree to concepcionz and mattygster, as earlier test showed the rule working OK in priniciple, but needs tweaking.
QUESTION 751
A systems administrator needs to modify the replication factors of an automated application container from 3 to 5. Which of the following file types should the systems administrator modify on the master controller?
A. .yaml
B. .txt
C. .conf
D. .etcd
Answer: A
Explanation:
A YAML file is a human-readable data serialization format. It is often used to configure applications and services. In Kubernetes, the replication factor of an automated application container is defined in the YAML file for the application.
QUESTION 752
An organization is conducting a performance test of a public application. The following actions have already been completed:
– The baseline performance has been established
– A load test has passed.
– A benchmark report has been generated
Which of the following needs to be done to conclude the performance test?
A. Verify the application works well under an unexpected volume of requests.
B. Assess the application against vulnerabilities and/or misconfiguration exploitation.
C. Test how well the application can resist a DDoS attack.
D. Conduct a test with the end users and collect feedback.
Answer: D
Explanation:
The purpose of a performance test is to assess the performance of an application under a variety of conditions. The goal is to identify any potential bottlenecks or performance issues that could impact the user experience.
QUESTION 753
Audit and system logs are being forwarded to a syslog solution. An administrator observes that two application servers have not generated any logs for a period of three days, while others continue to send logs normally. Which of the following BEST explains what is occurring?
A. There is a configuration failure in the syslog solution
B. The application servers were migrated to the cloud as IaaS instances
C. The application administrators have not performed any activity in those servers
D. There is a local firewall policy restriction on the syslog server
Answer: D
Explanation:
Syslog is a standard protocol for sending logs from a server to a centralized logging server. The syslog server is typically configured to accept logs from all servers on the network.
If two application servers have not generated any logs for a period of three days, while others continue to send logs normally, the most likely explanation is that there is a local firewall policy restriction on the syslog server that is blocking the logs from the two application servers.
QUESTION 754
A cloud administrator needs to control the connections between a group of web servers and database servers as part of the financial application security review. Which of the following would be the BEST way to achieve this objective?
A. Create a directory security group
B. Create a resource group
C. Create separate VLANs
D. Create a network security group
Answer: D
Explanation:
A network security group (NSG) is a collection of security rules that control the inbound and outbound traffic for a group of network interfaces. By creating an NSG that allows only connections between the web servers and database servers, the cloud administrator can control the connections between the two groups of servers and improve the security of the financial application.
QUESTION 755
A large pharmaceutical company needs to ensure it is in compliance with the following requirements:
– An application must run on its own virtual machine.
– The hardware the application is hosted on does not change.
Which of the following will BEST ensure compliance?
A. Containers
B. A firewall
C. Affinity rules
D. Load balancers
Answer: C
Explanation:
Affinity rules are a feature of virtualization that allow you to group virtual machines together so that they always run on the same host. This ensures that the application always runs on the same hardware, even if the host is rebooted or replaced.
QUESTION 756
A company wants to utilize its private cloud for a new application. The private cloud resources can meet 75% of the application’s resource requirements. Which of the following scaling techniques can the cloud administrator implement to accommodate 100% of the application’s requirements?
A. Horizontal
B. Vertical
C. Cloud bursting
D. Autoscaling
Answer: C
Explanation:
Cloud bursting is a scaling technique that allows an organization to use public cloud resources to supplement its private cloud resources when demand exceeds the capacity of the private cloud. This allows the organization to meet 100% of the application’s resource requirements without having to overprovision the private cloud.
QUESTION 757
A systems administrator is configuring a storage system for maximum performance and redundancy. Which of the following storage technologies should the administrator use to achieve this?
A. RAID 5
B. RAID 6
C. RAID 10
D. RAID 50
Answer: C
Explanation:
RAID 10 is a hybrid RAID level that combines the features of RAID 0 and RAID 1. It provides both striping and mirroring, which gives it the best performance and redundancy of any RAID level.
RAID 5 provides striping with parity, which offers good performance and redundancy. However, it does not provide as much redundancy as RAID 10.
RAID 6 provides striping with double parity, which offers even better redundancy than RAID 5. However, it does not offer as much performance as RAID 10.
RAID 50 is a striped array of RAID 5 arrays, which provides good performance and redundancy. However, it is not as efficient as RAID 10.
QUESTION 758
A company is performing a DR drill and is looking to validate its documentation. Which of the following metrics will determine the service recovery duration?
A. MTTF
B. SLA
C. RTO
D. RPO
Answer: C
Explanation:
RTO stands for Recovery Time Objective. It is the maximum amount of time that an organization can tolerate for a service to be unavailable before it begins to incur unacceptable losses.
QUESTION 759
A company is migrating workloads from on premises to the cloud and would like to establish a connection between the entire data center and the cloud environment. Which of the following VPN configurations would accomplish this task?
A. Site-to-site
B. Client-to-site
C. Point-to-site
D. Point-to-point
Answer: A
Explanation:
A site-to-site VPN is a connection between two networks, such as an on-premises data center and a cloud environment. It is the most common type of VPN and is used to securely connect two networks over the public internet.
QUESTION 760
A product-based company wants to transition to a method that provides the capability to enhance the product seamlessly and keep the development iterations to a shorter time frame. Which of the following would BEST meet these requirements?
A. Implement a secret management solution
B. Create autoscaling capabilities
C. Develop CI/CD tools
D. Deploy a CMDB tool
Answer: C
Explanation:
Continuous Integration and Continuous Deployment (CI/CD) is a software development approach that aims to enhance the development process, ensure quicker iterations, and provide seamless enhancement of products. With CI/CD, code changes are automatically integrated, tested, and deployed to production environments, reducing the time it takes to deliver updates and enhancements to the product.
QUESTION 761
A company is using an IaaS environment. Which of the following licensing models would BEST suit the organization from a financial perspective to implement scaling?
A. Subscription
B. Volume-based
C. Per user
D. Socket-based
Answer: B
Explanation:
A volume-based licensing model charges the organization based on the amount of resources that they use. This is the best option for organizations that need to scale their IaaS environment, as they only pay for the resources that they use.
QUESTION 762
A cloud security engineer needs to ensure authentication to the cloud provider console is secure. Which of the following would BEST achieve this objective?
A. Require the user’s source IP to be an RFC1918 address
B. Require the password to contain uppercase letters, lowercase letters, numbers, and symbols
C. Require the use of a password and a physical token.
D. Require the password to be ten characters long
Answer: C
Explanation:
A physical token is a small device that generates a one-time password (OTP) that is used in conjunction with a password to authenticate to a system. This makes it much more difficult for an attacker to gain unauthorized access to the cloud provider console, even if they have the user’s password.
QUESTION 763
A cloud administrator has deployed a website and needs to improve the site security to meet requirements. The website architecture is designed to have a DBaaS in the back end and autoscaling instances in the front end using a load balancer to distribute the request. Which of the following will the cloud administrator MOST likely use?
A. An API gateway
B. An IPS/IDS
C. A reverse proxy
D. A WAF
Answer: D
Explanation:
A WAF can protect web applications from common web-based attacks such as SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF). Since the website has a DBaaS backend, a WAF can help protect the database from SQL injection attacks. Additionally, since the website architecture is designed to use autoscaling instances in the front end with a load balancer, a WAF can help protect each instance from web-based attacks.
An API gateway is used to manage API traffic, while an IPS/IDS (Intrusion Prevention System/Intrusion Detection System) is used to detect and prevent network attacks. A reverse proxy is used to distribute client requests across multiple servers, while also providing an additional layer of security. However, none of these are as well suited as a WAF for protecting web applications from web-based attacks.
QUESTION 764
An administrator manages a file server that has a lot of users accessing and creating many files. As a result, the storage consumption is growing quickly. Which of the following would BEST control storage usage?
A. Compression
B. File permissions
C. User quotas
D. Access policies
Answer: C
Explanation:
User quotas are limits on the amount of storage space that a user can use on a file server. This can help to control storage usage by preventing users from creating too many files or storing too much data on the file server.
QUESTION 765
A systems administrator is writing a script for provisioning nodes in the environment. Which of the following would be BEST for the administrator to use to provision the authentication credentials to the script?
A. password=’curl https://10.2.3.4/api/sytemops?op=provision’
B. password=$env_password
C. password=$(cat /opt/app/credentials)
D. password=”MyS3cretP4sswordIsVeryL0ng”
Answer: C
Explanation:
The best way to provision authentication credentials to a script is to use a secure method, such as storing the credentials in a file that is not accessible to the public.
QUESTION 766
A cloud administrator is configuring several security appliances hosted in the private IaaS environment to forward the logs to a central log aggregation solution using syslog. Which of the following firewall rules should the administrator add to allow the web servers to connect to the central log collector?
A. Allow UDP 161 outbound from the web servers to the log collector
B. Allow TCP 514 outbound from the web servers to the log collector
C. Allow UDP 161 inbound from the log collector to the web servers
D. Allow TCP 514 inbound from the log collector to the web servers
Answer: B
Explanation:
Syslog uses port 514 for communication, and the web servers are sending logs to the central log collector. Therefore, the firewall rule should allow outbound traffic from the web servers to the log collector on TCP port 514.
QUESTION 767
A company has two identical environments (X and Y) running its core business application. As part of an upgrade, the X environment is patched/upgraded and tested while the Y environment is still serving the consumer workloads. Upon successful testing of the X environment, all workload is sent to this environment, and the Y environment is then upgraded before both environments start to manage the workloads. Which of the following upgrade methods is being used?
A. Active-passive
B. Canary
C. Development/production
D. Blue-green
Answer: D
Explanation:
The upgrade method used in this scenario is the “Blue-green” deployment.
QUESTION 768
A systems administrator received an email from a cloud provider stating that storage is 80% full on the volume that stores VDI desktops. Which of the following is the MOST efficient way to mitigate the situation?
A. Deduplication
B. Compression
C. Replication
D. Storage migration
Answer: A
Explanation:
Deduplication is the process of identifying and removing duplicate data. This can free up a significant amount of storage space, especially on volumes that store large amounts of data that is frequently duplicated.
QUESTION 769
During a security incident, an IaaS compute instance is detected to send traffic to a host related to cryptocurrency mining. The security analyst handling the incident determines the scope of the incident is limited to that particular instance. Which of the following should the security analyst do NEXT?
A. Isolate the instance from the network into quarantine
B. Perform a memory acquisition in the affected instance
C. Create a snapshot of the volumes attached to the instance
D. Replace the instance with another from the baseline
Answer: C
Explanation:
The first step in any security incident response is to isolate the affected system from the network. This will prevent the attacker from further compromising the system or spreading the attack to other systems.
Once the instance has been isolated, the security analyst can perform a memory acquisition to collect evidence of the attack. This can be done using a variety of tools, such as a live memory acquisition tool or a post-mortem memory acquisition tool.
The security analyst can also create a snapshot of the volumes attached to the instance. This will allow the analyst to restore the instance to a clean state if necessary.
Replacing the instance with another from the baseline is not necessary at this stage. However, it may be necessary if the attacker has been able to compromise the instance’s root account or other critical systems.
Therefore, the next step that the security analyst should take is to isolate the instance from the network into quarantine.
QUESTION 770
A cloud administrator is responsible for managing a VDI environment that provides end users with access to limited applications. Which of the following should the administrator make changes to when a new application needs to be provided?
A. Application security policy
B. Application whitelisting policy
C. Application hardening policy
D. Application testing policy
Answer: B
Explanation:
Application whitelisting is a security policy that allows only approved applications to run on a system. This helps to prevent unauthorized applications from being installed and running on the system.
When a new application needs to be provided to end users in a VDI environment, the cloud administrator should add the application to the application whitelisting policy. This will ensure that the application is only allowed to run on the VDI environment and that unauthorized applications are prevented from running.
QUESTION 771
A cloud administrator needs to deploy a security virtual appliance in a private cloud environment, but this appliance will not be part of the standard catalog of items for other users to request. Which of the following is the BEST way to accomplish this task?
A. Create an empty VM, import the hard disk of the virtual appliance, and configure the CPU and memory.
B. Acquire the build scripts from the vendor and recreate the appliance using the baseline templates.
C. Import the virtual appliance into the environment and deploy it as a VM.
D. Convert the virtual appliance to a template and deploy a new VM using the template.
Answer: D
Explanation:
This is because converting the virtual appliance to a template will create a reusable asset that can be easily deployed whenever needed. The template will include all of the settings and configurations of the virtual appliance, so there is no need to manually recreate the appliance each time.
QUESTION 772
A company has a web application that is accessed around the world. An administrator has been notified of performance issues regarding the application. Which of the following will BEST improve performance?
A. IPAM
B. SDN
C. CDN
D. VPN
Answer: C
Explanation:
A content delivery network (CDN) is a system of servers that are deployed in multiple locations around the world. When a user requests a file from a CDN, the file is served from the server that is closest to the user. This can improve performance by reducing the distance that the file has to travel.
QUESTION 773
A cloud administrator needs to verify domain ownership with a third party. The third party has provided a secret that must be added to the DNS server. Which of the following DNS records does the administrator need to update to include the secret?
A. NS
B. TXT
C. AAAA
D. SOA
Answer: B
Explanation:
TXT (text) Record
Allows administrators to add limited human and machine-readable notes and can be used for things such as email validation, site, and ownership verification, framework policies, etc., and doesn’t require specific formatting.
QUESTION 774
Different healthcare organizations have agreed to collaborate and build a cloud infrastructure that should minimize compliance costs and provide a high degree of security and privacy, as per regulatory requirements. This is an example of a:
A. private cloud.
B. community cloud.
C. hybrid cloud.
D. public cloud.
Answer: B
Explanation:
A community cloud is a cloud computing infrastructure that is shared by a specific community of organizations, such as healthcare organizations. This type of cloud offers a high degree of security and privacy, as well as the ability to comply with regulatory requirements.
QUESTION 775
An organization was preparing to harden an environment before granting access to external auditors. Vulnerability testing was completed, and only one low-priority, informational vulnerability remained outstanding:
![image_thumb[1]](http://examgod.com/bdimages/September-2023Q737-Q799_EAB3/image_thumb1.png "image_thumb[1]")
Two weeks later, the auditors review the system on a new machine without an existing browser cache. Credentials are not required when accessing the application login page. Which of the following tests were skipped, causing this issue?
A. Functionality testing
B. Usability testing
C. Regression testing
D. Penetration testing
Answer: D
QUESTION 776
Which of the following are advantages of a public cloud? (Choose two.)
A. Full control of hardware
B. Reduced monthly costs
C. Decreased network latency
D. Pay as you use
E. Availability of self-service
F. More secure data
Answer: BD
Explanation:
The advantages of a public cloud are:
Reduced monthly costs: Public cloud providers offer a pay-as-you-go pricing model, which can help organizations save money on IT infrastructure costs.
Availability of self-service: Public cloud providers offer self-service portals that allow organizations to provision and manage resources without the need for IT assistance.
Pay as you use: Public cloud providers only charge for the resources that are used, which can help organizations save money on unused resources.
Scalability: Public cloud providers offer scalable infrastructure that can be easily expanded to meet changing needs.
Global reach: Public cloud providers have data centers located around the world, which can help organizations improve performance and availability for their applications.
QUESTION 777
A systems administrator has been notified of possible illegal activities taking place on the network and has been directed to ensure any relevant emails are preserved for court use. Which of the following is this MOST likely an example of?
A. Email archiving
B. Version control
C. Legal hold
D. File integrity monitoring
Answer: C
QUESTION 778
A cloud administrator deployed new hosts in a private cloud. After a few months elapsed, some of the hypervisor features did not seem to be working. Which of the following was MOST likely causing the issue?
A. Incorrect permissions
B. Missing license
C. Incorrect tags
D. Oversubscription
Answer: B
Explanation:
When a hypervisor is deployed, it is typically licensed for a specific number of hosts. If the number of hosts exceeds the number of licenses, then some of the hypervisor features may not be available.
QUESTION 779
When designing a three-node, load-balanced application, a systems administrator must ensure each node runs on a different physical server for HA purposes. Which of the following does the systems administrator need to configure?
A. Round-robin methods
B. Live migration
C. Anti-affinity rule
D. Priority queues
Answer: C
QUESTION 780
A cloud engineer recently used a deployment script template to implement changes on a cloud- hosted web application. The web application communicates with a managed database on the back end. The engineer later notices the web application is no longer receiving data from the managed database. Which of the following is the MOST likely cause of the issue?
A. Misconfiguration in the user permissions
B. Misconfiguration in the routing traffic
C. Misconfiguration in the network ACL
D. Misconfiguration in the firewall
Answer: C
Explanation:
A network ACL (access control list) is a set of rules that control the traffic that is allowed to flow between networks or subnets. If the network ACL is misconfigured, it can prevent traffic from flowing between the web application and the managed database.
QUESTION 781
Based on the shared responsibility model, which of the following solutions passes the responsibility of patching the OS to the customer?
A. PaaS
B. DBaaS
C. IaaS
D. SaaS
Answer: C
QUESTION 782
An engineer is investigating potential performance issues in a hypervisor platform. When comparing the allocated versus actual resources, the engineer notices the platform is oversubscribed. Which of the following is MOST likely the immediate cause of the performance issues?
A. Dynamic allocation
B. Oversubscription
C. Ballooning
D. Transparent page sharing
Answer: B
QUESTION 783
A cloud administrator recently noticed that a number of files stored at a SaaS provider’s file- sharing service were deleted. As part of the root cause analysis, the administrator noticed the parent folder permissions were modified last week. The administrator then used a test user account and determined the permissions on the files allowed everyone to have write access. Which of the following is the best step for the administrator to take NEXT?
A. Identify the changes to the file-sharing service and document.
B. Acquire a third-party DLP solution to implement and manage access.
C. Test the current access permissions to the file-sharing service.
D. Define and configure the proper permissions for the file-sharing service.
Answer: D
QUESTION 784
A company is using an IaC deployment model to a public cloud IaaS. The automation runs partially and then fails to build a VM in the IaaS environment. Upon further assessment, the connectivity to the IaaS is confirmed. Which of the following are the MOST likely causes of the failure? (Choose two.)
A. Insufficient account balance
B. Network settings
C. Resource tagging
D. API request limits
E. Administrator access
F. Inadequate storage
Answer: BD
Explanation:
Network settings: If the network settings are incorrect, the automation may not be able to connect to the IaaS environment. This can happen if the IP addresses or ports are incorrect, or if the firewall is blocking traffic.
API request limits: Each IaaS provider has limits on the number of API requests that can be made per second or per minute. If the automation is making too many requests, it may be throttled or blocked by the IaaS provider.
QUESTION 785
A cloud administrator is investigating slow VM performance. The administrator has checked the physical server performance and has identified the host is under stress due to a peak usage workload. Which of the following is the NEXT step the administrator should complete?
A. Perform a root cause analysis.
B. Migrate the VM to a different host.
C. Document the findings.
D. Perform a system restart.
Answer: B
Explanation:
If the physical server is under stress due to peak usage workload, migrating the VM to a different host with more resources available could alleviate the performance issues. This is a common practice in cloud environments to ensure optimal performance and availability
QUESTION 786
A cloud administrator must ensure all servers are in compliance with the company’s security policy. Which of the following should the administrator check FIRST?
A. The application version
B. The OS version
C. Hardened baselines
D. Password policies
Answer: C
QUESTION 787
A systems administrator needs to implement a way for users to verify software integrity. Which of the following tools would BEST meet the administrator’s needs?
A. TLS 1.3
B. CRC32
C. AES-256
D. SHA-512
Answer: D
QUESTION 788
A cloud administrator would like to maintain file integrity checks through hashing on a cloud object store. Which of the following is MOST suitable from a performance perspective?
A. SHA-256
B. SHA-512
C. MD5
D. AES
Answer: A
QUESTION 789
Which of the following enables CSPs to offer unlimited capacity to customers?
A. Adequate budget
B. Global data center distribution
C. Economies of scale
D. Agile project management
Answer: C
QUESTION 790
A company has two primary offices, one in the United States and one in Europe. The company uses a public IaaS service that has a global data center presence to host its marketing materials. The marketing team, which is primarily based in Europe, has reported latency issues when retrieving these materials. Which of the following is the BEST option to reduce the latency issues?
A. Add an application load balancer to the applications to spread workloads.
B. Integrate a CDN solution to distribute web content globally.
C. Upgrade the bandwidth of the dedicated connection to the IaaS provider.
D. Migrate the applications to a region hosted in Europe.
Answer: B
Explanation:
A content delivery network (CDN) is a system of servers that are deployed in multiple locations around the world. When a user requests a file from a CDN, the file is served from the server that is closest to the user. This can improve performance by reducing the distance that the file has to travel.
QUESTION 791
A company’s marketing department is running a rendering application on virtual desktops. Currently, the application runs slowly, and it takes a long time to refresh the screen. The virtualization administrator is tasked with resolving this issue. Which of the following is the BEST solution?
A. GPU passthrough
B. Increased memory
C. Converged infrastructure
D. An additional CPU core
Answer: A
Explanation:
By implementing GPU passthrough, the virtual desktops running the rendering application can leverage the full capabilities of the GPU, resulting in improved performance and faster rendering.
QUESTION 792
A cloud administrator is supporting an application that has several reliability issues. The administrator needs visibility into the performance characteristics of the application. Which of the following will MOST likely be used in a reporting dashboard?
A. Data from files containing error messages from the application
B. Results from the last performance and workload testing
C. Detail log data from syslog files of the application
D. Metrics and time-series data measuring key performance indicators
Answer: D
QUESTION 793
An organization provides integration services for finance companies that use web services. A new company that sends and receives more than 100,000 transactions per second has been integrated using the web service. The other integrated companies are now reporting slowness with regard to the integration service. Which of the following is the cause of the issue?
A. Incorrect configuration in the authentication process
B. Incorrect configuration in the message queue length
C. Incorrect configuration in user access permissions
D. Incorrect configuration in the SAN storage pool
Answer: B
Explanation:
The message queue is a temporary storage area for messages that are waiting to be processed. If the message queue is too small, it will overflow and messages will be dropped. This can cause slowness for all of the integrated companies, as they will have to wait for their messages to be processed.
QUESTION 794
A company uses multiple SaaS-based cloud applications. All the applications require authentication upon access. An administrator has been asked to address this issue and enhance security. Which of the following technologies would be the BEST solution?
A. Single sign-on
B. Certificate authentication
C. Federation
D. Multifactor authentication
Answer: A
QUESTION 795
An enterprise is considering a cost model for a DBaaS. Which of the following is BEST for a cloud solution?
A. Per gigabyte
B. Per seat
C. Per user
D. Per device
Answer: A
QUESTION 796
A company is using a hybrid cloud environment. The private cloud is hosting the business applications, and the cloud services are being used to replicate for availability purposes. The cloud services are also being used to accommodate the additional resource requirements to provide continued services. Which of the following scalability models is the company utilizing?
A. Vertical scaling
B. Autoscaling
C. Cloud bursting
D. Horizontal scaling
Answer: C
Explanation:
Cloud bursting is a configuration method that uses cloud computing resources whenever on-premises infrastructure reaches peak capacit.
QUESTION 797
A developer wants to use an environment that has two sets of servers, with one active and one passive at any time. When a new version of the application is ready, it will be installed to the passive servers, which will then become active. Which of the following environment types BEST describes these two sets of servers?
A. Disaster recovery
B. Blue-green
C. Development
D. Staging
Answer: B
QUESTION 798
A security analyst is investigating a recurring alert. The alert is reporting an insecure firewall configuration state after every cloud application deployment. The process of identifying the issue, requesting a fix, and waiting for the developers to manually patch the environment is being repeated multiple times. In an effort to identify the root issue, the following logs were collected:
![image_thumb[4]](http://examgod.com/bdimages/September-2023Q737-Q799_EAB3/image_thumb4.png "image_thumb[4]")
Which of the following options will provide a permanent fix for the issue?
A. Validate the IaC code used during the deployment.
B. Avoid the use of a vault to store database passwords.
C. Rotate the access keys that were created during deployment.
D. Recommend that the developers do not create multiple resources at once.
Answer: A
Explanation:
The main reason is the applied access rules; so the IaC api call needs to be revisited and validated.
QUESTION 799
A cloud administrator is reviewing the current private cloud and public law environment, and is building an optimization plan. Portability is of great concern for the administrator so resources can be easily moved from one environment to another. Which of the following should the administrator implement?
A. Serverless
B. CDN
C. Containers
D. Deduplication
Answer: C
Resources From:
1.2023 Latest Braindump2go CV0-003 Exam Dumps (PDF & VCE) Free Share:
https://www.braindump2go.com/cv0-003.html
2.2023 Latest Braindump2go CV0-003 PDF and CV0-003 VCE Dumps Free Share:
https://drive.google.com/drive/folders/17UdlDv4ExLjUHGV4harUzv5SHKzJqVci?usp=sharing
3.2023 Free Braindump2go CV0-003 Exam Questions Download:
https://www.braindump2go.com/free-online-pdf/CV0-003-PDF-Dumps(737-799).pdf
Free Resources from Braindump2go,We Devoted to Helping You 100% Pass All Exams!