• Home
  • Articles
  • [Dec-2025] CV0-004 Exam Dumps, CV0-004 Practice Test Questions [Q86-Q107]

[Dec-2025] CV0-004 Exam Dumps, CV0-004 Practice Test Questions [Q86-Q107]

Share

[Dec-2025] CV0-004 Exam Dumps, CV0-004 Practice Test Questions

Attested CV0-004 Dumps PDF Resource [2025]

NEW QUESTION # 86
A cloud server needs to automatically allocate more resources during sudden peak times. This allocation does not need to occur in regular intervals. Which of the following scaling approaches should be used?

  • A. Event
  • B. Scheduled
  • C. Manual
  • D. Trending

Answer: A

Explanation:
Event-based scaling is designed to allocate more resources automatically in response to specific events, such as sudden peak times that are not regular or predictable. This type of scaling ensures that resources are available when needed without the need to schedule them in advance or adjust them manually. Reference: CompTIA Cloud+ Guide to Cloud Computing (ISBN: 978-1-64274-282-2)


NEW QUESTION # 87
Which of the following refers to the idea that data should stay within certain borders or territories?

  • A. Data classification
  • B. Data sovereignty
  • C. Data ownership
  • D. Data retention

Answer: B

Explanation:
Data sovereignty refers to the concept that data is subject to the laws and governance structures within the nation it is collected or stored. It implies that regardless of where a company's data is stored, the data must comply with the laws of the country where it is physically located.


NEW QUESTION # 88
A cloud administrator deploys new VMs in a cluster and discovers they are getting IP addresses in the range of
169.254.0.0/16. Which of the following is the most likely cause?

  • A. The VLAN is missing.
  • B. The network is overlapping.
  • C. The NAT is Improperly configured.
  • D. The scope has been exhausted.

Answer: D

Explanation:
IP addresses in the range of 169.254.0.0/16 are Automatic Private IP Addressing (APIPA) addresses, which devices assign themselves when they are configured to obtain an IP automatically but are unable to reach a DHCP server to get one. The most likely cause for VMs in a cluster to receive APIPA addresses is the exhaustion of the DHCP scope, meaning there are no more available IP addresses in the DHCP range to be assigned.


NEW QUESTION # 89
A company has decided to scale its e-commerce application from its corporate datacenter to a commercial cloud provider to meet an anticipated increase in demand during an upcoming holiday.
The majority of the application load takes place on the application server under normal conditions. For this reason, the company decides to deploy additional application servers into a commercial cloud provider using the on-premises orchestration engine that installs and configures common software and network configurations.
The remote computing environment is connected to the on-premises datacenter via a site-to-site IPSec tunnel. The external DNS provider has been configured to use weighted round-robin routing to load balance connections from the Internet.
During testing, the company discovers that only 20% of connections completed successfully.
INSTRUCTIONS
Review the network architecture and supporting documents and fulfill these requirements:
Part 1:
Part 2:
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Part 1:
Cloud Hybrid Network Diagram








Part 2:
Only select a maximum of TWO options from the multiple choice question

B) Update the PSK (Pre-shared key in Router2)
E) Change the Address Space on Router2

Answer:

Explanation:
See explanation below
Explanation:
Part 1: Router 2
The problematic device is Router 2, which has an incorrect configuration for the IPSec tunnel. The IPSec tunnel is a secure connection between the on-premises datacenter and the cloud provider, which allows the traffic to flow between the two networks. The IPSec tunnel requires both endpoints to have matching parameters, such as the IP addresses, the pre-shared key (PSK), the encryption and authentication algorithms, and the security associations (SAs) .
According to the network diagram and the configuration files, Router 2 has a different PSK and a different address space than Router 1. Router 2 has a PSK of "1234567890", while Router 1 has a PSK of "0987654321". Router 2 has an address space of 10.0.0.0/8, while Router 1 has an address space of 192.168.0.0/16. These mismatches prevent the IPSec tunnel from establishing and encrypting the traffic between the two networks.
The other devices do not have any obvious errors in their configuration. The DNS provider has two CNAME records that point to the application servers in the cloud provider, with different weights to balance the load. The firewall rules allow the traffic from and to the application servers on port 80 and port 443, as well as the traffic from and to the VPN server on port 500 and port 4500. The orchestration server has a script that installs and configures the application servers in the cloud provider, using the DHCP server to assign IP addresses.
Part 2:
The correct options to provide adequate configuration for hybrid cloud architecture are:
Update the PSK in Router 2.
Change the address space on Router 2.
These options will fix the IPSec tunnel configuration and allow the traffic to flow between the on-premises datacenter and the cloud provider. The PSK should match the one on Router 1, which is "0987654321". The address space should also match the one on Router 1, which is 192.168.0.0/16.


NEW QUESTION # 90
A cloud developer is creating a static website that customers will be accessing globally. Which of the following services will help reduce latency?

  • A. VPC
  • B. Application load balancer
  • C. API gateway
  • D. CDN

Answer: D

Explanation:
A Content Delivery Network (CDN) is the service that will help reduce latency for a static website accessed globally. CDNs distribute content across multiple geographically dispersed servers, allowing users to connect to a server that is closer to them, thereby reducing the time it takes to load the website.
Reference: The use of CDNs is a common practice to enhance global access and improve user experience, as covered under Cloud Concepts in the CompTIA Cloud+ certification.


NEW QUESTION # 91
A company wants to use a solution that will allow for quick recovery from ransomware attacks, as well as intentional and unintentional attacks on data integrity and availability. Which of the following should the company implement that will minimize administrative overhead?

  • A. Off-site backups
  • B. Data replication
  • C. Volume snapshots
  • D. Object versioning

Answer: C

Explanation:
Implementing volume snapshots is an effective solution for quick recovery from ransomware attacks and protecting data integrity and availability. Snapshots capture the state of a storage volume at a point in time and can be used to restore data quickly with minimal administrative overhead.
Data protection strategies like volume snapshots are discussed under cloud data management and protection in the CompTIA Cloud+ objectives.


NEW QUESTION # 92
A project manager must determine how ideas from the organization and results from the review committee should move through the enterprise for a new project. Which of the following does the project manager need to do?

  • A. Plan a kickoff meeting
  • B. Identify the stakeholders
  • C. Develop a responsibility assignment matrix
  • D. Establish communication channels

Answer: D

Explanation:
The correct step is to establish communication channels that ensure proper flow of information from idea origination through review and approval. Kickoff meetings occur later, while RACI matrices and stakeholder identification are planning tools -- not communication flow structures.


NEW QUESTION # 93
A cloud service provider just launched a new serverless service that is compliant with all security regulations. A company deployed its code using the service, and the company's application was hacked due to leaked credentials. Which of the following is responsible?

  • A. Customer
  • B. Code repository
  • C. Hacker
  • D. Cloud service provider

Answer: A

Explanation:
Comprehensive and Detailed Step-by-Step
A . Customer: Under the shared responsibility model, customers are responsible for securing their code and credentials in cloud environments.
B . Cloud service provider: Responsible for securing the underlying infrastructure, not customer-deployed applications or credentials.
C . Hacker: Exploited the breach but isn't directly responsible for security lapses.
D . Code repository: Doesn't inherently cause the issue unless mismanaged by the customer.
Reference:
CompTIA Cloud+ CV0-004 Study Guide, Objective 4.2: Understand the shared responsibility model in cloud security.


NEW QUESTION # 94
The company's IDS has reported an anomaly. The cloud engineer remotely accesses the cloud instance, runs a command, and receives the following information:

Which of the following is the most likely root cause of this anomaly?

  • A. Leaked credentials
  • B. Privilege escalation
  • C. Defaced website
  • D. Cryptojacking

Answer: B

Explanation:
The output from the 'ps' command indicates there is a process running under the UID (User ID) of 0, which is the root user, and the command that was run is '/var/www/command.py'. Given that the normal Apache processes are running under their own UID (65535), this suggests that a command was executed with root privileges that typically should not have such high-level access. This is a strong indicator of privilege escalation, where an unauthorized user or process gains elevated access to resources that are normally protected from an application or user. Reference: CompTIA Cloud+ Certification Study Guide (Exam CV0-004) by Scott Wilson and Eric Vanderburg


NEW QUESTION # 95
A company uses containers stored in Docker Hub to deploy workloads (or its laaS infrastructure. The development team releases changes to the containers several times per hour. Which of the following should a cloud engineer do to prevent the proprietary code from being exposed to third parties?

  • A. Deploy the containers over SSH.
  • B. Use private repositories for the containers.
  • C. Convert the containers to VMs.
  • D. Use laC to deploy the laaS infrastructure.

Answer: B

Explanation:
To prevent proprietary code from being exposed to third parties, a cloud engineer should use private repositories for the containers. Private repositories ensure that access to container images is restricted and controlled, unlike public repositories where images are accessible to anyone.
The concept of using private repositories for protecting proprietary code is part of cloud security best practices, which is covered under the Governance, Risk, Compliance, and Security domain of the CompTIA Cloud+ certification.


NEW QUESTION # 96
Which of the following is the most cost-effective and efficient strategy when migrating to the cloud?

  • A. Retire
  • B. Retain
  • C. Refactor
  • D. Replatform

Answer: D

Explanation:
Replatforming is the process of making slight modifications to the existing container setup to take advantage of cloud-native services without completely rewriting the application. This strategy is cost-effective and efficient because it involves minimal changes while still allowing the application to benefit from the cloud's scalability, flexibility, and managed services. For containerized workloads, replatforming often involves adapting the deployment to run on managed container services provided by the cloud provider.


NEW QUESTION # 97
A software engineer is integrating an application to the cloud that is web socket based. Which of the following applications is the engineer most likely deploying?

  • A. Image-sharing
  • B. Data visualization
  • C. Chat
  • D. File transfer

Answer: C

Explanation:
A chat application is most likely to be deployed when integrating a web socket-based application to the cloud. Web sockets provide full-duplex communication channels over a single, long-lived connection, which is ideal for real-time applications like chat services that require persistent connections between the client and server for instant data exchange.


NEW QUESTION # 98
A cloud security analyst is concerned about security vulnerabilities in publicly available container images.
Which of the following is the most appropriate action for the analyst to recommend?

  • A. Using images that have an application firewall
  • B. Using CIS-hardened images
  • C. Using watermarked images
  • D. Using digitally signed images

Answer: B

Explanation:
* Using CIS-hardened images (A): Center for Internet Security (CIS) images are pre-hardened and configured for best practices, reducing vulnerabilities.
* Using watermarked images (B): Watermarking does not contribute to security hardening.
* Using digitally signed images (C): Verifies authenticity but does not address vulnerabilities within the container.
* Using images that have an application firewall (D): Firewalls offer runtime protection but don't secure the container image itself.
Reference:CompTIA Cloud+ CV0-004 Study Guide, Objective 4.3: Secure containerized environments.


NEW QUESTION # 99
A manager wants information about which users signed in to a certain VM during the past month.
Which of the following can the cloud administrator use to obtain this information?

  • A. Collection
  • B. Alerting
  • C. Retention
  • D. Aggregation

Answer: A

Explanation:
To obtain information about which users signed in to a certain VM during the past month, a cloud administrator can use log collection. Log collection involves gathering and storing logs from various sources, including VMs, to provide historical data on system access and activity, which can then be analyzed to identify user login instances.


NEW QUESTION # 100
A software development team decides to use a code repository. Which of the following is the most likely reason for this decision?

  • A. Program management
  • B. Change management
  • C. Project management
  • D. Version management

Answer: D

Explanation:
A code repository is primarily used for version management, allowing developers to track, control, and manage changes to source code over time while enabling collaboration.


NEW QUESTION # 101
A technician receives an email from a vendor who is requesting payment of an invoice for human resources services. The email contains a request for bank account numbers. Which of the following types of attacks does this behavior most likely indicate?

  • A. Phishing
  • B. MaIware
  • C. Ransomware
  • D. Cryptojacking

Answer: A

Explanation:
The behavior described in the question indicates a phishing attack. Phishing typically involves an attacker masquerading as a legitimate entity to trick individuals into providing sensitive information, such as bank account numbers, through seemingly trustworthy communication channels like email.
Understanding security concerns and measures is part of the Governance, Risk, Compliance, and Security domain of the CompTIA Cloud+ objectives.


NEW QUESTION # 102
Five thousand employees always access the company's public cloud-hosted web application on a daily basis during the same time frame. Some users have been reporting performance issues while attempting to connect to the web application Which of the following is the best configuration approach to resolve this issue?

  • A. Scale vertically based on a load.
  • B. Scale horizontally based on a schedule
  • C. Scale vertically based on a trend.
  • D. Scale horizontally based on an event

Answer: B

Explanation:
For a web application accessed by a large number of employees daily during the same time frame, the best configuration approach to resolve performance issues is to scale horizontally based on a schedule. This means adding more server instances to handle the load during known peak times.
Reference: Cloud resource scaling strategies, including scheduled horizontal scaling, are discussed in the CompTIA Cloud+ curriculum under cloud management and optimization.


NEW QUESTION # 103
A cloud deployment uses three different VPCs. The subnets on each VPC need to communicate with the others over private channels. Which of the following will achieve this objective?

  • A. Establishing identical routing tables on all VPCs
  • B. Adding BGP routes using the VPCs' private IP addresses
  • C. Creating peering connections between all VPCs
  • D. Deploying a load balancer to send traffic to the private IP addresses

Answer: C

Explanation:
To allow subnets on different VPCs to communicate with each other over private channels, the cloud engineer should create peering connections between all the VPCs. VPC Peering allows networks to connect and route traffic using private IP addresses without the need for gateways, VPN connections, or separate physical hardware. Reference: CompTIA Cloud+ Study Guide (Exam CV0-004) by Todd Montgomery and Stephen Olson


NEW QUESTION # 104
An administrator used a script that worked in the past to create and tag five virtual machines. All of the virtual machines have been created: however, the administrator sees the following results:
{ tags: [ ] }
Which of the following is the most likely reason for this result?

  • A. Service quotas
  • B. Command deprecation
  • C. Compatibility issues
  • D. API throttling

Answer: B

Explanation:
The most likely reason for the script creating virtual machines without tags, despite working in the past, is command deprecation. Cloud service providers update their APIs and CLI commands over time, and a previously used command to tag resources might no longer be valid.
Reference: Understanding cloud service APIs and the importance of keeping up with updates is part of cloud technical operations covered in CompTIA Cloud+.


NEW QUESTION # 105
A developer at a small startup company deployed some code for a new feature to its public repository. A few days later, a data breach occurred. A security team investigated the incident and found that the database was hacked. Which of the following is the most likely cause of this breach?

  • A. Database core dump
  • B. Unpatched web servers
  • C. Hard-coded credentials
  • D. Compromised deployment agent

Answer: C

Explanation:
Hard-coded credentials within code, especially when deployed in a public repository, are a common security vulnerability. If credentials such as passwords or API keys are embedded in the code, anyone with access to the repository can potentially use them to gain unauthorized access to databases or other sensitive resources. This is a likely cause of the data breach in the scenario described.


NEW QUESTION # 106
Which of the following strategies requires the development of new code before an application can be successfully migrated to a cloud provider?

  • A. Replatform
  • B. Rehost
  • C. Refactor
  • D. Rearchitect

Answer: C

Explanation:
Refactoring requires the development of new code before an application can be successfully migrated to a cloud provider. It often involves restructuring and optimizing the existing code without changing its external behavior to fit into the new cloud environment.
Application migration strategies and the requirements for each, like refactoring, are included in cloud migration best practices covered in CompTIA Cloud+.


NEW QUESTION # 107
......

Latest CV0-004 Actual Free Exam Questions Updated 363 Questions: https://certkingdom.practicedump.com/CV0-004-practice-dumps.html

Related Articles

more
CompTIA CV0-004 Certification Practice Exam

Copyright © 2026 PracticeDump NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy