- (Topic 3)
An organization has a public-facing API that is hosted on a cloud provider. The API performs slowly at times. Which of the following technologies should the cloud administrator apply to provide speed acceleration and a secure connection?
Correct Answer:
E
The best technology to provide speed acceleration and a secure connection for a public-facing API that is hosted on a cloud provider is SSL (Secure Sockets Layer). SSL is a protocol that encrypts and authenticates the data between a client and a server over an HTTP connection. It also compresses the data to reduce its size and improve its transmission speed. SSL can enhance the security and performance of an API by preventing unauthorized access, tampering, or interception of the data. Reference: [CompTIA Cloud+ Certification Exam Objectives], Domain 2.0 Security, Objective 2.2 Given a scenario, implement appropriate network security controls for a cloud environment.
- (Topic 1)
A systems administrator is troubleshooting performance issues with a Windows VDI environment. Users have reported that VDI performance has been slow since the images were upgraded from Windows 7 to Windows 10.
This VDI environment is used to run simple tasks, such as Microsoft Office. The administrator investigates the virtual machines and finds the following settings:
✑ 4 vCPU
✑ 16GB RAM
✑ 10Gb networking
✑ 256MB frame buffer
Which of the following MOST likely needs to be upgraded?
Correct Answer:
C
A virtual graphics processing unit (vGPU) is a type of hardware or software that enables a VM to use the physical GPU resources of the host or server for graphics-intensive tasks. Upgrading the vGPU is most likely to solve the issue of VDI performance being slow since the images were upgraded from Windows 7 to Windows 10, as it can provide more graphics processing power and memory for the VMs. Upgrading the vGPU can also improve the user experience and productivity, as it can enhance the display quality and responsiveness of the VDI environment. References: CompTIA Cloud+ Certification Exam Objectives, page 11, section 1.6
- (Topic 3)
A cloud security engineer needs to ensure authentication to the cloud provider console is secure. Which of the following would BEST achieve this objective?
Correct Answer:
C
A password and a physical token are two factors of authentication that can provide a higher level of security than a password alone. A physical token is a device that generates a one-time code or password that the user must enter along with their password to access the cloud provider console. This is an example of multi-factor authentication (MFA), which requires the user to present two or more pieces of evidence to prove their identity. MFA can prevent unauthorized access even if the password is compromised, as the attacker would also need to have the physical token to log in.
- (Topic 1)
A systems administrator is reviewing two CPU models for a cloud deployment. Both CPUs have the same number of cores/threads and run at the same clock speed.
Which of the following will BEST identify the CPU with more computational power?
Correct Answer:
D
Instructions per cycle (IPC) is a metric that measures how many instructions a CPU can execute in one clock cycle. IPC can help identify the CPU with more computational power when comparing two CPU models that have the same number of cores/threads and run at the same clock speed, as it indicates the efficiency and performance of the CPU architecture and design. A higher IPC means that the CPU can process more instructions in less time, resulting in faster and better performance. References: CompTIA Cloud+ Certification Exam Objectives, page 9, section 1.4
Reference: https://en.wikipedia.org/wiki/Central_processing_unit
- (Topic 4)
A cloud security engineer needs to design an IDS/IPS solution for a web application in a single virtual private network. The engineer is considering implementing IPS protection for traffic coming from the internet. Which of the following should the engineer consider to meet this requirement?
Correct Answer:
C
An Intrusion Detection System (IDS) is a software or hardware system that monitors network traffic for malicious activity and alerts the administrator of any potential threats.
An Intrusion Prevention System (IPS) is a software or hardware system that not only detects but also blocks or mitigates the malicious activity. Both IDS and IPS are essential for securing a web application in a cloud environment.
A web proxy server is a server that acts as an intermediary between the client and the web server. It can provide caching, filtering, and authentication services, but it does not offer IDS/IPS functionality. Therefore, option A is incorrect.
Load balancing using SSI (Server Side Includes) is a technique that distributes the workload among multiple web servers by inserting dynamic content into web pages. It can improve the performance and availability of a web application, but it does not provide IDS/IPS protection. Therefore, option B is incorrect.
Implementing IDS/IPS agents on each instance running in that virtual private network is a valid solution for providing IPS protection for traffic coming from the internet. The agents can monitor and inspect the network traffic on each instance and block or report any suspicious activity to a central management console. This can prevent attacks from reaching the web application or spreading to other instances in the same network. Therefore, option C is correct.
Implementing dynamic routing is a technique that allows routers to select the best path for forwarding packets based on network conditions. It can enhance the reliability and efficiency of a network, but it does not offer IDS/IPS functionality. Therefore, option D is incorrect.