CompTIA Cloud+ Study Guide E-Book

Table of Contents

Cover

Title Page

Copyright

Acknowledgments

About the Author

About the Technical Editor

Introduction

Why Should You Become Certified in Cloud Technologies?

What Does This Book Cover?

Interactive Online Learning Environment and Test Bank

How to Use This Book

How Do You Go About Taking the Exam?

Certification Exam Policies

Tips for Taking Your Cloud+ Exam

Cloud+ Exam Renewal

CompTIA Cloud+ Study Guide: Exam CV0-003 Objective Map

1.0 Cloud Architecture and Design

2.0 Security

3.0 Deployment

4.0 Operations and Support

5.0 Troubleshooting

Reader Support for This Book

Assessment Test

Answers to Assessment Test

Chapter 1: Introducing Cloud Computing Configurations and Deployments

Introducing Cloud Computing

Creating and Validating a Cloud Deployment

Verifying System Requirements

Summary

Exam Essentials

Written Lab

Review Questions

Chapter 2: Cloud Deployments

Executing a Cloud Deployment

Matching Data Center Resources to Cloud Resources

Configuring and Deploying Storage

Performing a Server Migration

Managing User Identities and Roles

Summary

Exam Essentials

Written Lab

Review Questions

Chapter 3: Security in the Cloud

Cloud Security Compliance and Configurations

Access Control

Summary

Exam Essentials

Written Lab

Review Questions

Chapter 4: Implementing Cloud Security

Implementing Security in the Cloud

Automating Cloud Security

Summary

Exam Essentials

Written Lab

Review Questions

Chapter 5: Maintaining Cloud Operations

Applying Security Patches

Updating Cloud Elements

Storage Operations

Summary

Exam Essentials

Written Lab

Review Questions

Chapter 6: Disaster Recovery, Business Continuity, and Ongoing Maintenance

Implementing a Disaster Recovery and Business Continuity Plan

Business Continuity

Cloud Maintenance

Summary

Exam Essentials

Written Lab

Review Questions

Chapter 7: Cloud Management

Cloud Metrics

Adding and Removing Cloud Resources

Summary

Exam Essentials

Written Lab

Review Questions

Chapter 8: Cloud Management Baselines, Performance, and SLAs

Measuring Your Deployment Against the Baseline

Summary

Exam Essentials

Written Lab

Review Questions

Chapter 9: Troubleshooting

Incident Management

Troubleshooting Cloud Capacity Issues

Troubleshooting Automation and Orchestration

Summary

Exam Essentials

Written Lab

Review Questions

Chapter 10: Troubleshooting Networking and Security Issues and Understanding Methodologies

Troubleshooting Cloud Networking Issues

Troubleshooting Security Issues

Troubleshooting Methodology

Summary

Exam Essentials

Written Lab

Review Questions

Appendix A: Answers to Review Questions

Chapter 1: Introducing Cloud Computing Configurations and Deployments

Chapter 2: Cloud Deployments

Chapter 3: Security in the Cloud

Chapter 4: Implementing Cloud Security

Chapter 5: Maintaining Cloud Operations

Chapter 6: Disaster Recovery, Business Continuity, and Ongoing Maintenance

Chapter 7: Cloud Management

Chapter 8: Cloud Management Baselines, Performance, and SLAs

Chapter 9: Troubleshooting

Chapter 10: Troubleshooting Networking and Security Issues and Understanding Methodologies

Appendix B: Answers to Written Labs

Chapter 1: Introducing Cloud Computing Configurations and Deployments

Chapter 2: Cloud Deployments

Chapter 3: Security in the Cloud

Chapter 4: Implementing Cloud Security

Chapter 5: Maintaining Cloud Operations

Chapter 6: Disaster Recovery, Business Continuity, and Ongoing Maintenance

Chapter 7: Cloud Management

Chapter 8: Cloud Management Baselines, Performance, and SLAs

Chapter 9: Troubleshooting

Chapter 10: Troubleshooting Networking and Security Issues and Understanding Methodologies

Index

End User License Agreement

List of Tables

Chapter 2

TABLE 2.1 Private IP address blocks

TABLE 2.2 Role-based access control

Chapter 3

TABLE 3.1 Major components of a PKI framework

Chapter 7

TABLE 7.1 Cloud metric examples

List of Illustrations

Chapter 1

FIGURE 1.1 In-house computing

FIGURE 1.2 Cloud computing model

FIGURE 1.3 Mainframe computing

FIGURE 1.4 Client-server computing

FIGURE 1.5 Virtualized computing

FIGURE 1.6 Cloud computing

FIGURE 1.7 SaaS

FIGURE 1.8 IaaS

FIGURE 1.9 PaaS

FIGURE 1.10 Public cloud

FIGURE 1.11 Private cloud

FIGURE 1.12 Community cloud

FIGURE 1.13 Hybrid cloud

FIGURE 1.14 Shared resource pooling

FIGURE 1.15 Remote VPN access to a data center

FIGURE 1.16 Site-to-site replication of data

FIGURE 1.17 Synchronous replication

FIGURE 1.18 Asynchronous replication

FIGURE 1.19 Load balancing web servers

FIGURE 1.20 Cloud regions

FIGURE 1.21 Availability zones

FIGURE 1.22 Local computer running the hypervisor management application

FIGURE 1.23 Remote hypervisor management application

FIGURE 1.24 Local computer running Remote Desktop Services to remotely acces...

FIGURE 1.25 Secure Shell encrypted remote access

Chapter 2

FIGURE 2.1 Managing your cloud deployment

FIGURE 2.2 The FCAPS management umbrella

FIGURE 2.3 Public cloud

FIGURE 2.4 Private cloud

FIGURE 2.5 Hybrid cloud

FIGURE 2.6 Community cloud

FIGURE 2.7 A VPN creates a secure tunnel over an insecure network such as th...

FIGURE 2.8 Intrusion detection systems monitor incoming network traffic for ...

FIGURE 2.9 Intrusion prevention systems monitor activity and prevent network...

FIGURE 2.10 DMZ servers are accessed by the outside world via the Internet a...

FIGURE 2.11 Network-attached storage

FIGURE 2.12 Direct-attached storage

FIGURE 2.13 Storage area network

FIGURE 2.14 RAID level 0

FIGURE 2.15 RAID level 1

FIGURE 2.16 RAID level 1+0

FIGURE 2.17 RAID level 0+1

FIGURE 2.18 RAID level 5

FIGURE 2.19 RAID level 6

FIGURE 2.20 Zoning filters access to storage resources on the SAN switching ...

FIGURE 2.21 LUN masking filters initiator access to storage volumes on the s...

FIGURE 2.22 Physical-to-virtual migration

FIGURE 2.23 Virtual-to-virtual migration

FIGURE 2.24 Virtual-to-physical migration

FIGURE 2.25 Storage migration

FIGURE 2.26 Load-balancing web servers

FIGURE 2.27 Network firewall for security

FIGURE 2.28 Firewalls define what traffic is allowed in and out of the netwo...

Chapter 3

FIGURE 3.1 IPsec tunnel from remote site to cloud data center

FIGURE 3.2 IaaS security model

FIGURE 3.3 PaaS security model

FIGURE 3.4 SaaS security model

Chapter 4

FIGURE 4.1 Multifactor authentication login screen

FIGURE 4.2 Hardware-based multifactor authentication token

FIGURE 4.3 Smartphone-based multifactor authentication token

FIGURE 4.4 Dashboard applications show cloud health reports using a browser....

FIGURE 4.5 Firewalls define what traffic is allowed in and out of the networ...

Chapter 5

FIGURE 5.1 Rolling updates are performed sequentially.

FIGURE 5.2 Blue-green deployment

FIGURE 5.3 Cluster updates on each server with no downtime

FIGURE 5.4 Virtual machine snapshot

FIGURE 5.5 Virtual machine cloning

FIGURE 5.6 Image backup

FIGURE 5.7 File backup

FIGURE 5.8 Local backup

FIGURE 5.9 Remote backup

Chapter 6

FIGURE 6.1 Hot site mirroring

FIGURE 6.2 Warm site

FIGURE 6.3 Cold site

FIGURE 6.4 Site-to-site replication of data

FIGURE 6.5 Synchronous replication

FIGURE 6.6 Asynchronous replication

Chapter 7

FIGURE 7.1 Basic network management topology

FIGURE 7.2 Cloud notification system

FIGURE 7.3 Vertical scaling

FIGURE 7.4 Horizontal scaling

Chapter 8

FIGURE 8.1 Cloud object tracking

FIGURE 8.2 CPU usage reporting

FIGURE 8.3 Collecting trending data

FIGURE 8.4 Vertical scaling

FIGURE 8.5 Horizontal scaling

FIGURE 8.6 Cloud reporting

Chapter 10

FIGURE 10.1 Latency is an end-to-end network delay.

FIGURE 10.2 Console port access

FIGURE 10.3 Console port access

FIGURE 10.4 Local computer running the RDP application to remotely access a ...

FIGURE 10.5 Secure Shell–encrypted remote access

FIGURE 10.6 Account privilege escalation

FIGURE 10.7 Top-down troubleshooting approach

FIGURE 10.8 Bottom-up troubleshooting approach

FIGURE 10.9 Divide-and-conquer troubleshooting approach

Guide

Cover

Table of Contents

Title Page

Copyright

Acknowledgments

About the Author

About the Technical Editor

Introduction

Begin Reading

Appendix A: Answers to Review Questions

Appendix B: Answers to Written Labs

Index

End User License Agreement

Pages

i

v

vi

vii

ix

xi

xxiii

xxiv

xxv

xxvi

xxvii

xxviii

xxix

xxx

xxxi

xxxii

xxxiii

xxxiv

xxxv

xxxvi

xxxvii

xxxviii

xxxix

xl

xli

xlii

xliii

xliv

xlv

xlvi

xlvii

xlviii

xlix

l

li

lii

liii

liv

lv

lvi

lvii

lviii

lix

lx

lxi

lxii

lxiii

lxiv

lxv

lxvi

lxvii

lxviii

lxix

lxx

lxxi

lxxii

lxxiii

lxxiv

lxxv

lxxvi

lxxvii

lxxviii

lxxix

lxxx

lxxxi

lxxxii

lxxxiii

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

297

298

299

300

301

302

303

304

305

306

307

308

309

310

311

312

313

315

316

317

318

319

320

321

322

323

324

325

326

327

328

329

330

331

332

333

334

335

336

337

338

339

340

341

342

343

344

345

346

347

348

349

350

351

353

354

355

356

357

358

359

360

361

362

363

364

365

366

367

368

369

370

371

372

373

374

375

376

377

378

379

380

381

382

383

384

385

386

387

388

389

390

CompTIA®Cloud+®

Study GuideExam CV0-003

Third Edition

Ben Piper

Copyright © 2021 by John Wiley & Sons, Inc. All rights reserved.

Published by John Wiley & Sons, Inc., Hoboken, New Jersey.

Published simultaneously in Canada.

ISBN: 978-1-119-81086-5

ISBN: 978-1-119-81094-0 (ebk.)

ISBN: 978-1-119-81095-7 (ebk.)

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470, or on the web at www.copyright.com . Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permission .

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our web site at www.wiley.com .

Library of Congress Control Number: 2021942883

TRADEMARKS: WILEY and the Wiley logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. CompTIA and Cloud+ are registered trademarks of CompTIA, Inc. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

Cover image: © Jeremy Woodhouse/Getty Images, Inc.

Cover design: Wiley

Acknowledgments

There are many people who work to put a book together, and it would never be published without the dedicated, hard work of the whole team at Wiley. They are truly a fantastic group to work with, and without the Wiley team this book would have never been possible. To everyone at Wiley, a big thank-you! You made the late nights and long weekends of writing and putting this book together all worthwhile.

Special thanks to Kenyon Brown, senior acquisitions editor, who was always ready to provide resources and answer questions. His experience and guidance throughout the project were critical.

Gary Schwartz, project manager, kept this book's publishing schedule on track. His edits helped make many of the technical parts of this book more readable. Thanks also to Christine O'Connor, managing editor, Pete Gaughan, content enablement manager, and Liz Welch, copy editor.

Kunal Mittal, technical editor, checked the technical content for accuracy. He also provided invaluable feedback on how to make the technical concepts more understandable.

About the Author

Ben Piper has authored multiple books, including the AWS Certified Solutions Architect Study Guide: Associate SAA-C02 Exam (Sybex, 2020) and AWS Certified Cloud Practitioner Study Guide: Foundational CLF-C01 Exam (Sybex, 2019). You can contact Ben by visiting his website https://benpiper.com

About the Technical Editor

Kunal Mittal is an entrepreneur and serves on the board of directors/advisers for multiple technology startups. His strengths are product strategy, technology strategy, and execution. His passion is building high-performing teams with a passion and gumption to innovate. Apart from technology, Kunal owns a winery in Paso Robles (central California) named LXV Wine, which won an award for being the 7th best Tasting Experience in the United States by USA Today.

Introduction

Welcome to the exciting world of cloud computing and CompTIA certifications! If you picked up this book because you want to improve yourself with a secure and rewarding job in the new and fast-growing cloud computing space, you have come to the right place. Whether you are striving to enter the thriving, dynamic IT sector, or you are seeking to enhance your skills in the emerging cloud computing field, being CompTIA Cloud+ certified can seriously stack the odds of success in your favor.

CompTIA certifications are powerful instruments of success that will most certainly improve your knowledge of cloud computing. As you progress throughout this book, you'll gain a broad and deep understanding of cloud computing operations that offers unprecedented exposure to this dynamic field. The knowledge and expertise that you will gain are essential for your success in all areas of the cloud computing field.

By deciding to become Cloud+ certified, you're proudly announcing to the world that you want to become an unrivaled cloud computing expert—a goal that this book will get you well on your way to achieving. Congratulations in advance on the beginning of your brilliant future!

For up-to-the-minute updates covering additions or modifications to the CompTIA certification exams, as well as additional study tools, videos, practice questions, and bonus material, be sure to visit the Sybex website and forum at www.sybex.com .

Why Should You Become Certified in Cloud Technologies?

CompTIA has created the world's leading vendor-neutral family of certifications in the technology industry. CompTIA's certifications are recognized and respected worldwide for their quality and rigorous standards. They offer a broad range of certifications on a wide variety of technology topics. When you become Cloud+ certified, you have validated your skills and expertise in the implementation and ongoing support of cloud-based services. Becoming a CompTIA Cloud+ certified professional validates that you have the knowledge to be a successful cloud engineer.

The Cloud+ certification is recognized as one of the premier cloud certifications on the market today. Studying for and passing the Cloud+ exam gives engineers the set of skills to succeed in the fast-growing field of cloud computing.

Rest assured that when you pass the CompTIA Cloud+ exam, you're headed down a path to certain success!

What Does This Book Cover?

This book, consisting of 10 chapters, follows the most recent version of the CompTIA Cloud+ exam, CV0-003. The exam blueprint is divided into five sections which are explained in sufficient detail to help you become a Cloud+ certified professional.

Chapter 1

: Introducing Cloud Computing Configurations and Deployments

   The book starts out by investigating the most common cloud components, such as applications, compute, storage, and networking. Then it discusses how to determine the correct size and scale of the systems. You will gain a basic understanding of configurations found in the cloud and learn about production, quality assurance, and development of cloud systems.

Chapter 2

: Cloud Deployments

   In this chapter, you'll learn about deploying services in the cloud and how to execute a deployment plan; the most common service models; and the various ways that clouds are delivered, such as public, private, and community. Common cloud terminology and storage are explained.

Next, the chapter delves into the technical background and you'll learn how to determine the needs and design of an effective cloud deployment. This includes what virtualization is, its benefits, and why it's a central technology in cloud computing. You'll learn about hypervisors and virtual machines, and how to migrate from your existing operations to the cloud.

Chapter 3

: Security in the Cloud

   This chapter covers cloud security, starting with security policies, laws, and standards. You will then learn about specific security technologies, applications, and services.

Chapter 4

: Implementing Cloud Security

   This chapter builds on your security knowledge by explaining how to implement secure storage, networks, and compute systems. Security tools, intrusion systems, encryption, tools, techniques, and services are introduced.

Chapter 5

: Maintaining Cloud Operations

   This chapter focuses on keeping your cloud deployment current with the latest updates, and it discusses the processes to follow. Automation is introduced, and you will learn about the importance of cloud automation and orchestration systems. The chapter concludes with a discussion of backing up your data in the cloud.

Chapter 6

: Disaster Recovery, Business Continuity, and Ongoing Maintenance

   We'll take a step back in this chapter and cover how to go about developing a disaster recovery plan and the common models available. You will learn the importance of business survivability during a severe outage and understand the issues concerning recovery. The chapter ends by describing how to perform ongoing maintenance in your cloud environment.

Chapter 7

: Cloud Management

   You'll now delve deeply into the operations aspects of cloud computing. This chapter begins with a discussion of monitoring the cloud, and then it moves on to look at the allocation and provisioning of resources. Then you will learn about business requirements, application life cycles, and the impact they have on managing your cloud deployment. The chapter concludes with a discussion on the security of your cloud operations with accounts, automation, authentication, and automation models.

Chapter 8

: Cloud Management Baselines, Performance, and SLAs

   This chapter explains how to determine what is considered normal cloud operations by creating and maintaining baseline measurements. Using these measurements, you can monitor your cloud fleet for deviations from the baseline and learn the steps to take when this occurs. Service level agreements and chargeback models are also explained in this chapter.

Chapter 9

: Troubleshooting

   This chapter goes deeply into the technical aspects, identifying and correcting cloud technical issues. Troubleshooting of new and existing deployments is covered. You will learn about common problems found in the cloud that you will need to resolve. You will learn how to identify and resolve deviations from your baselines and what to do when breakdowns in the workflow occur. Be sure to pay close attention to this chapter!

Chapter 10

: Troubleshooting Networking and Security Issues and Understanding Methodologies

   The final chapter continues investigating troubleshooting with a focus on tools and techniques. Common troubleshooting utilities found in Linux and Windows systems are presented, and you'll learn how to perform a structured troubleshooting approach.

Appendix A

: Answers to Review Questions

   This appendix contains answers to the book's Review Questions.

Appendix B

: Answers to Written Labs

   This appendix contains the answers to the book's Written Labs.

Interactive Online Learning Environment and Test Bank

Wiley has put together some great online tools to help you pass the Cloud+ exam. The interactive online learning environment that accompanies the Cloud+ exam certification guide provides a test bank and study tools to help you prepare for the exam. By using these tools, you can dramatically increase your chances of passing the exam on your first try.

Sample Tests

   Many sample tests are provided throughout this book and online, including the assessment test at the end of this Introduction and the Review Questions at the end of each chapter. In addition, there are two exclusive online practice exams with 50 questions each. Use these questions to test your knowledge of the study guide material. The online test bank runs on multiple devices.

Flashcards

   The online text banks include 100 flashcards specifically written to hit you hard, so don't get discouraged if you don't ace your way through them at first! They're there to ensure that you're ready for the exam. Armed with the Review Questions, Practice Exams, and Flashcards, you'll be more than prepared when exam day comes. Questions are provided in digital flashcard format (a question followed by a single correct answer). You can use the Flashcards to reinforce your learning and provide last-minute test prep before the exam.

Other Study Tools

   A glossary of key terms from this book and their definitions is available as a fully searchable PDF.

Go to www.wiley.com/go/sybextestprep to register and gain access to this interactive online learning environment and test bank with study tools.

How to Use This Book

If you want a solid foundation for the serious effort of preparing for the CompTIA CV0-003 Cloud+ exam, then look no further. Hundreds of hours have been spent putting together this book with the sole intention of helping you to pass the exam as well as to learn about the exciting field of cloud computing! The book has been completely updated and refreshed from the original to match the new version of the CompTIA Cloud+ exam, CV0-003.

This book is loaded with valuable information, and you will get the most out of your study time if you understand why the book is organized the way it is. In order to maximize your benefit from this book, I recommend the following study method:

Take the assessment test that's provided at the end of this Introduction. (The answers are at the end of the test.) It's okay if you don't know any of the answers; that's why you bought this book! Carefully read over the explanations for any questions that you get wrong and note the chapters in which the material relevant to them is covered. This information should help you plan your study strategy.

Study each chapter carefully, making sure that you fully understand the information and the test objectives listed at the beginning of each one. Pay extra-close attention to any chapter that includes material covered in questions that you missed.

Complete all written labs in each chapter, referring to the text of the chapter so that you understand the reason for each answer.

Answer all the Review Questions related to each chapter. Many of the questions are presented in a scenario format to emulate real-world tasks that you may encounter. (The answers to the Review Questions appear in

Appendix A

.) Note the questions that confuse you and study the topics they cover again until the concepts are crystal clear. Again, do not just skim these questions. Make sure that you fully comprehend the reason for each correct answer. Remember that these will not be the exact questions you will find on the exam, but they're written to help you understand the chapter material and ultimately pass the exam.

Each chapter also concludes with a fill-in-the-blank type of written lab that is designed to improve your memory and comprehension of key items that were presented in the chapter. These labs are great for test preparation. I suggest going over the questions until you are consistently able to answer them error free. (The answers appear in

Appendix B

.)

Try your hand at the practice questions that are exclusive to this book. The questions can be found at

http://www.wiley.com/go/sybextestprep

.

Test yourself using all of the Flashcards, which are also found at

http://www.wiley.com/go/sybextestprep

. These are new Flashcards to help you prepare for the CV0-003 Cloud+ exam.

To learn every bit of the material covered in this book, you'll have to apply yourself regularly and with discipline. Try to set aside the same time period every day to study and select a comfortable and quiet place to do so. I am confident that if you work hard, you'll be surprised at how quickly you learn this material.

If you follow these steps and study in addition to using the Review Questions, the Practice Exams, and the electronic Flashcards, it would actually be hard to fail the Cloud+ exam. But understand that studying for the CompTIA exams is a lot like getting in shape—if you do not exercise most days, it's not going to happen!

According to the CompTIA website, the Cloud+ exam details are as follows:

Exam code:

CV0-003

Exam description:

CompTIA Cloud+ covers competency in cloud models, virtualization, infrastructure, security, resource management, and business continuity.

Number of questions:

Minimum of 90

Type of questions:

Multiple choice and performance-based

Length of test:

90 minutes

Passing score:

750 (on a scale of 100–900)

Language:

English

Recommended experience:

At least 2–3 years of work experience in IT systems administration or IT networking

CompTIA Network+ and Server+ or equivalent knowledge

Familiarity with any major hypervisor technology for server virtualization

Knowledge of cloud service models

Knowledge of IT service management

Hands-on experience with at least one public or private cloud IaaS platform

How Do You Go About Taking the Exam?

When the time comes to schedule your exam, you will need to create an account at www.comptia.org and register for your exam.

You can purchase the exam voucher on the CompTIA website at https://certification.comptia.org/testing/buy-voucher . The voucher is a proof of purchase and a code number that you will use to schedule the exam at https://www.comptia.org/testing/testing-options/about-testing-options .

When you have a voucher and have selected a testing center, you can go ahead and schedule the Cloud+ CV0-003 exam by visiting www.pearsonvue.com/comptia . There you can also locate a testing center or purchase vouchers if you have not already done so.

When you have registered for the Cloud+ certification exam, you will receive a confirmation email that supplies you with all the information you will need to take the exam.

Certification Exam Policies

This section explains CompTIA's exam policies and was taken from the CompTIA website. I recommend that you visit https://certification.comptia.org/testing/test-policies to become familiar with CompTIA's policies.

Candidate Agreement

   Explains the rules and regulations regarding certification, including the retake policy, the candidate conduct policy, and the candidate appeals process.

Candidate Testing Policies

   Includes accommodations during an exam, exam scoring, exam content, and out-of-country testing policies.

CompTIA Voucher Terms & Conditions

   Details the terms and conditions governing CompTIA vouchers.

Candidate ID Policy

   Details the acceptable forms of identification that candidates may bring to an exam.

Certification Retake Policy

   Details the circumstances in which a candidate can retake a certification exam.

Exam Delivery Policies

   Includes testing center suspensions, delivery exclusions, and beta testing policies.

Continuing Education Policies

   Covers certification renewal, candidate code of ethics, and audit findings as related to the Continuing Education Program.

Exam Development

   Explains the exam development process.

Sharing Your Exam Results

   Explains the exam results sharing policy.

Unauthorized Training Materials

   Defines unauthorized training materials and the consequences for using them.

Candidate Appeals Process

   Describes the process for candidates to appeal sanctions imposed due to exam security or policy violations.

CompTIA Exam Security Hotline

   Can be used to report security breaches, candidate misconduct, IP infringement, use of unauthorized training materials, and other exam security-related concerns.

Tips for Taking Your Cloud+ Exam

The CompTIA Cloud+ exam contains at least 90 multiple-choice questions and must be completed in 90 minutes or less. This information may change over time, so check www.comptia.org for the latest updates.

Many questions on the exam offer answer choices that at first glance look identical, especially the syntax questions. Remember to read through the choices carefully because close just doesn't cut it. If you get information in the wrong order or forget one measly character, you may get the question wrong. Many of the questions will be presented as a long, involved statement that is designed to confuse or misdirect you. Read these questions carefully, and make sure that you completely understand what the question is asking. It's important to filter out irrelevant statements and focus on what they are asking you to identify as the correct answer. So, to practice, do the Practice Exams and hands-on exercises from this book's chapters over and over again until they feel natural to you. Do the online sample test until you can consistently answer all the questions correctly. Relax and read the question over and over until you are 100 percent clear on what it's asking. Then you can usually eliminate a few of the obviously wrong answers.

Here are some general tips for exam success:

Arrive early at the exam center so that you can relax and review your study materials.

Read the questions carefully. Don't jump to conclusions. Make sure that you're clear about exactly what each question asks. “Read twice, answer once!” Scenario questions can be long and contain information that is not relevant to the answer. Take your time and understand what they are really asking you.

Ask for a piece of paper and pencil if it's offered to take quick notes and make sketches during the exam.

When answering multiple-choice questions that you're unsure about, use the process of elimination to get rid of the obviously incorrect answers first. Doing this greatly improves your odds if you need to make an educated guess.

After you complete an exam, you'll get immediate, online notification of your pass or fail status, a printed examination score report that indicates your pass or fail status, and your exam results by section. (The test administrator will give you the printed score report.) Test scores are automatically forwarded to CompTIA after you take the test, so you don't need to send your score to them. If you pass the exam, you'll receive confirmation from CompTIA that you are now a Cloud+ certified professional!

Cloud+ Exam Renewal

The Cloud+ certification is good for three years from the date of the exam. You can keep your certification up-to-date by following CompTIA's continuing education program outlined at https://certification.comptia.org/continuing-education .

CompTIA Cloud+ Study Guide: Exam CV0-003 Objective Map

The following objective map will assist you with finding where each exam objective is covered in the chapters in this book.

1.0 Cloud Architecture and Design

Exam Objective

Chapters

1.1  Compare and contrast the different types of cloud models.

Deployment models

Public

Private

Hybrid

Community

Cloud within a cloud

Multicloud

Multitenancy

Service models

Infrastructure as a Service (IaaS)

Platform as a Service (PaaS)

Software as a Service (SaaS)

Advanced cloud services

Internet of Things (IoT)

Serverless

Machine learning/Artificial intelligence (AI)

Shared responsibility model

1

,

2

1.2  Explain the factors that contribute to capacity planning.

Requirements

Hardware

Software

Budgetary

Business needs analysis

Standard templates

Licensing

Per-user

Socket-based

Volume-based

Core-based

Subscription

User density

System load

Trend analysis

Baselines

Patterns

Anomalies

Performance capacity planning

2

,

8

,

9

1.3  Explain the importance of high availability and scaling in cloud environments.

Hypervisors

Affinity

Anti-affinity

Oversubscription

Compute

Network

Storage

Regions and zones

Applications

Containers

Clusters

High availability of network functions

Switches

Routers

Load balancers

Firewalls

Avoid single points of failure

Scalability

Auto-scaling

Horizontal scaling

Vertical scaling

Cloud bursting

1

,

2

,

5

,

7

1.4  Given a scenario, analyze the solution design in support of the business requirements.

Requirement analysis

Software

Hardware

Integration

Budgetary

Compliance

Service-level agreement (SLA)

User and business needs

Security

Network requirements

Sizing

Subnetting

Routing

Environments

Development

Quality assurance (QA)

Staging

Blue-green

Production

Disaster recovery (DR)

Testing techniques

Vulnerability testing

Penetration testing

Performance testing

Regression testing

Functional testing

Usability testing

1

,

2

,

5

,

8

2.0 Security

Exam Objective

Chapters

2.1  Given a scenario, configure identity and access management.

Identification and authorization

Privileged access management

Logical access management

Account life-cycle management

Provision and deprovision accounts

Access controls

Role-based

Discretionary

Non-discretionary

Mandatory

Directory services

Lightweight directory access protocol (LDAP)

Federation

Certificate management

Multifactor authentication (MFA)

Single sign-on (SSO)

Security assertion markup language (SAML)

Public key infrastructure (PKI)

Secret management

Key management

2

,

3

,

4

2.2  Given a scenario, secure a network in a cloud environment

Network segmentation

Virtual LAN (VLAN)/Virtual extensible LAN (VXLAN)/Generic network virtualization encapsulation (GENEVE)

Micro-segmentation

Tiering

Protocols

Domain name service (DNS)

DNS over HTTPS (DoH)

DNS over TLS (DoT)

DNS security (DNSSEC)

Network time protocol (NTP)

Network time security (NTS)

Encryption

IPSec

Transport layer security (TLS)

Hypertext transfer protocol secure (HTTPS)

Tunneling

Secure Shell (SSH)

Layer 2 tunneling protocol (L2TP)/Point-to-point tunneling protocol (PPTP)

Generic routing encapsulation (GRE)

Network services

Firewalls

Stateful

Stateless

Web application firewall (WAF)

Application delivery controller (ADC)

Intrusion protection system (IPS)/Intrusion detection system (IDS)

Data loss prevention (DLP)

Network access control (NAC)

Packet brokers

Log and event monitoring

Network flows

Hardening and configuration changes

Disabling unnecessary ports and services

Disabling weak protocols and ciphers

Firmware upgrades

Control ingress and egress traffic

Whitelisting or blacklisting

Proxy servers

Distributed denial of service (DDoS) protection

2

,

3

2.3  Given a scenario, apply the appropriate OS and application security controls.

Policies

Password complexity

Account lockout

Application whitelisting

Software feature

User/group

User permissions

Antivirus/anti-malware/endpoint detection and response (EDR)

Host-based IDS (HIDS)/Host-based IPS (HIPS)

Hardened baselines

Single function

File integrity

Log and event monitoring

Configuration management

Builds

Stable

Long-term support (LTS)

Beta

Canary

Operating system (OS) upgrades

Encryption

Application programming interface (API) endpoint

Application

OS

Storage

Filesystem

Mandatory access control

Software firewall

2

,

3

,

4

,

5

,

7

2.4  Given a scenario, apply data security and compliance controls in cloud environments.

Encryption

Integrity

Hashing algorithms

Digital signatures

File integrity monitoring (FIM)

Classification

Segmentation

Access control

Impact of laws and regulations

Legal hold

Records management

Versioning

Retention

Destruction

Write once read many

Data loss prevention (DLP)

Cloud access security broker (CASB)

3

,

4

,

5

2.5  Given a scenario, implement measures to meet security requirements.

Tools

Vulnerability scanners

Port scanners

Vulnerability assessment

Default and common credential scans

Credentialed scans

Network-based scans

Agent-based scans

Service availabilities

Security patches

Hot fixes

Scheduled updates

Virtual patches

Signature updates

Rollups

Risk register

Prioritization of patch application

Deactivate default accounts

Impacts of security tools on systems and services

Effects of cloud service models on security implementation

3

2.6  Explain the importance of incident response procedures.

Preparation

Documentation

Call trees

Training

Tabletops

Documented incident types/categories

Roles and responsibilities

Incident response procedures

Identification

Scope

Investigation

Containment, eradication, and recovery

Isolation

Evidence acquisition

Chain of custody

Post-incident and lessons learned

Root cause analysis

9

3.0 Deployment

Exam Objective

Chapters

3.1  Given a scenario, integrate components into a cloud solution.

Subscription services

File subscriptions

Communications

Email

Voice over IP (VoIP)

Messaging

Collaboration

Virtual desktop infrastructure (VDI)

Directory and identity services

Cloud resources

IaaS

PaaS

SaaS

Provisioning resources

Compute

Storage

Network

Application

Serverless

Deploying virtual machines (VMs) and custom images

Templates

OS templates

Solution templates

Identity management

Containers

Configure variables

Configure secrets

Persistent storage

Auto-scaling

Post-deployment validation

1

,

2

,

7

,

8

3.2  Given a scenario, provision storage in cloud environments.

Types

Block

Storage area network (SAN)

Zoning

File

Network attached storage (NAS)

Object

Tenants

Buckets

Tiers

Flash

Hybrid

Spinning disks

Long-term

Input/output operations per second (IOPS) and read/write

Protocols

Network file system (NFS)

Common Internet file system (CIFS)

Internet small computer system interface (iSCSI)

Fibre Channel (FC)

Non-volatile memory express over fabrics (NVMe-oF)

Redundant array of inexpensive disks (RAID)

0

1

5

6

10

Storage system features

Compression

Deduplication

Thin provisioning

Thick provisioning

Replication

User quotas

Hyperconverged

Software-defined storage (SDS)

2

3.3  Given a scenario, deploy cloud networking solutions.

Services

Dynamic host configuration protocol (DHCP)

NTP

DNS

Content delivery network (CDN)

IP address management (IPAM)

2

Virtual private networks (VPNs)

Site-to-site

Point-to-point

Point-to-site

IPSec

Multiprotocol label switching (MPLS)

Virtual routing

Dynamic and static routing

Virtual network interface controller (vNIC)

Subnetting

Network appliances

Load balancers

Firewalls

Virtual private cloud (VPC)

Hub and spoke

Peering

VLAN/VXLAN/GENEVE

Single root input/output virtualization (SR-IOV)

Software-defined network (SDN)

2

3.4  Given a scenario, configure the appropriate compute sizing for a deployment.

Virtualization

Hypervisors

Type 1

Type 2

Simultaneous multi-threading (SMT)

Dynamic allocations

Oversubscription

Central processing unit (CPU)/virtual CPU (vCPU)

Graphics processing unit (GPU)

Virtual

Shared

Pass-through

Clock speed/Instructions per cycle (IPC)

Hyperconverged

Memory

Dynamic allocation

Ballooning

2

3.5  Given a scenario, perform cloud migrations.

Physical to virtual (P2V)

Virtual to virtual (V2V)

Cloud-to-cloud migrations

Vendor lock-in

PaaS or SaaS migrations

Access control lists (ACLs)

Firewalls

Storage migrations

Block

File

Object

Database migrations

Cross-service migrations

Relational

Non-relational

2

4.0 Operations and Support

Exam Objective

Chapters

4.1  Given a scenario, configure logging, monitoring, and alerting to maintain operational status.

Logging

Collectors

Simple network management protocol (SNMP)

Syslog

Analysis

Severity categorization

Audits

Types

Access/authentication

System

Application

Automation

Trending

Monitoring

Baselines

Thresholds

Tagging

Log scrubbing

Performance monitoring

Application

Infrastructure components

Resource utilization

Availability

SLA-defined uptime requirements

Verification of continuous monitoring activities

Service management tool integration

Alerting

Common messaging methods

Enable/disable alerts

Maintenance mode

Appropriate responses

Policies for categorizing and communicating alerts

1

,

7

,

8

4.2  Given a scenario, maintain efficient operation of a cloud environment.

Confirm completion of backups

Life-cycle management

Roadmaps

Old/current/new versions

Upgrading and migrating systems

Deprecations or end of life

Change management

Asset management

Configuration management database (CMDB)

Patching

Features or enhancements

Fixes for broken or critical infrastructure or applications

Scope of cloud elements to be patched

Hypervisors

VMs

Virtual appliances

Networking components

Applications

Storage components

Firmware

Software

OS

Policies

n-1

Rollbacks

Impacts of process improvements on systems

Upgrade methods

Rolling upgrades

Blue-green

Canary

Active-passive

Development/QA/production/DR

Dashboard and reporting

Tagging

Costs

Chargebacks

Showbacks

Elasticity usage

Connectivity

Latency

Capacity

Incidents

Health

Overall utilization

Availability

4

,

5

,

7

,

8

4.3  Given a scenario, optimize cloud environments.

Right-sizing

Auto-scaling

Horizontal scaling

Vertical scaling

Cloud bursting

Compute

CPUs

GPUs

Memory

Containers

Storage

Tiers

Adaptive optimization

IOPS

Capacity

Deduplication

Compression

Network

Bandwidth

Network interface controllers (NICs)

Latency

SDN

Edge computing

CDN

Placement

Geographical

Cluster placement

Redundancy

Colocation

Device drivers and firmware

Generic

Vendor

Open source

1

,

2

,

7

,

8

4.4  Given a scenario, apply proper automation and orchestration techniques.

Infrastructure as code

Infrastructure components and their integration

Continuous integration/ continuous deployment (CI/CD)

Version control

Configuration management

Playbook

Containers

Automation activities

Routine operations

Updates

Scaling

Shutdowns

Restarts

Create internal APIs

Secure scripting

No hardcoded passwords

Use of individual service accounts

Password vaults

Key-based authentication

Orchestration sequencing

1

,

2

,

4

,

5

,

7

4.5  Given a scenario, perform appropriate backup and restore operations.

Backup types

Incremental

Differential

Full

Synthetic full

Snapshot

Backup objects

Application-level backup

Filesystem backup

Database dumps

Configuration files

Backup targets

Tape

Disk

Object

Backup and restore policies

Retention

Schedules

Location

SLAs

Recovery time objective (RTO)

Recovery point objective (RPO)

Mean time to recovery (MTTR)

3-2-1 rule

Three copies of data

Two different media

One copy off site

Restoration methods

In place

Alternate location

Restore files

Snapshot

5

4.6  Given a scenario, perform disaster recovery tasks.

Failovers

Failback

Restore backups

Replication

Network configurations

On-premises and cloud sites

Hot

Warm

Cold

Requirements

RPO

RTO

SLA

Corporate guidelines

Documentation

DR kit

Playbook

Network diagram

Geographical datacenter requirements

6

5.0 Troubleshooting

Exam Objective

Chapters

5.1  Given a scenario, use the troubleshooting methodology to resolve cloud-related issues.

Always consider corporate policies, procedures, and impacts before implementing changes.

10

Identify the problem

Question the user and identify user changes to the computer and perform backups before making changes

Inquire regarding environmental or infrastructure changes

Establish a theory of probable cause (question the obvious)

If necessary, conduct external or internal research based on symptoms

Test the theory to determine cause

Once the theory is confirmed, determine the next steps to resolve the problem

If the theory is not confirmed, re-establish a new theory or escalate

Establish a plan of action to resolve the problem and implement the solution

Verify full system functionality and, if applicable, implement preventive measures

Document the findings, actions, and outcomes throughout the process.

5.2  Given a scenario, troubleshoot security issues.

Privilege

Missing

Incomplete

Escalation

Keys

Authentication

Authorization

Security groups

Network security groups

Directory security groups

Keys and certificates

Expired

Revoked

Trust

Compromised

Misconfigured

Misconfigured or misapplied policies

Data security issues

Unencrypted data

Data breaches

Misclassification

Lack of encryption in protocols

Insecure ciphers

Exposed endpoints

Misconfigured or failed

security appliances

IPS

IDS

NAC

WAF

Unsupported protocols

External/internal attacks

10

5.3  Given a scenario, troubleshoot deployment issues.

Connectivity issues

Cloud service provider (CSP) or Internet service provider (ISP) outages

Performance degradation

Latency

Configurations

Scripts

Applications in containers

Misconfigured templates

Missing or incorrect tags

Insufficient capacity

Scaling configurations

Compute

Storage

Bandwidth issues

Oversubscription

Licensing issues

Vendor-related issues

Migrations of vendors or platforms

Integration of vendors or platforms

API request limits

Cost or billing issues

9

5.4  Given a scenario, troubleshoot connectivity issues.

Network security group misconfigurations

ACL

Inheritance

Common networking configuration issues

Peering

Incorrect subnet

Incorrect IP address

Incorrect IP space

Routes

Default

Static

Dynamic

Firewall

Incorrectly administered micro-segmentation

Network address translation (NAT)

VPN

Source

Destination

Load balancers

Methods

Headers

Protocols

Encryption

Back ends

Front ends

DNS records

VLAN/VXLAN/GENEVE

Proxy

Maximum transmission unit (MTU)

Quality of service (QoS)

Time synchronization issues

Network troubleshooting tools

ping

tracert/traceroute

flushdns

ipconfig/ifconfig/ip

nslookup/dig

netstat/ss

route

arp

curl

Packet capture

Packet analyzer

OpenSSL client

10

5.5  Given a scenario, troubleshoot common performance issues.

Resource utilization

CPU

GPU

Memory

Storage

I/O

Capacity

Network bandwidth

Network latency

Replication

Scaling

Application

Memory management

Service overload

Incorrectly configured or failed load balancing

9

5.6  Given a scenario, troubleshoot automation or orchestration issues.

Account mismatches

Change management failures

Server name changes

IP address changes

Location changes

Version/feature mismatch

Automation tool incompatibility

Deprecated features

API version incompatibility

Job validation issue

Patching failure

9

Reader Support for This Book

If you believe you've found a mistake in this book, please bring it to our attention. At John Wiley & Sons, we understand how important it is to provide our customers with accurate content, but even with our best efforts an error may occur.

To submit your possible errata, please email it to our Customer Service Team at [email protected] with the subject line “Possible Book Errata Submission.”

Assessment Test

Bob is accessing a self-service portal in the cloud to instantly create additional servers, storage, and database instances for his firm's DevOps group. Which of the following options best describes this operation?

Bursting

Pay-as-you-grow

Multitenancy

On-demand

Jillian is working on a project to interconnect her company's private data center to a cloud company that offers email services and another that can provide burstable compute capacity. What type of cloud delivery model is she creating?

Public

Hybrid

Community

Private

Carl is learning how cloud service providers allocate physical resources into a group. These resources are then dynamically associated with cloud services as demand requires. What best describes this?

On-demand virtualization

Dynamic scaling

Resource pooling

Elasticity

Liza is a new Cloud+ architect for BigCo Inc. She is investigating cloud services that provide server hardware, but not applications. What cloud service is she using?

IaaS

PaaS

SaaS

CaaS

Harold is investigating his options to migrate his company's time and attendance application to the cloud. He wants to be responsible only for maintaining the application and would prefer that the public cloud company manage all underlying infrastructure and servers that are required to support his application. Harold calls you and asks for assistance in selecting a cloud service model that would meet his requirements. What would you suggest that he implement?

IaaS

PaaS

SaaS

CaaS

Jane is a Cloud+ architect working on a physical-to-virtual migration to the public cloud. She has matched VM performance levels to her established baselines. She knows that her organization may need to adjust hardware resources in the future. What cloud characteristics can she use to match cloud capacity with future growth? (Choose three.)

Elasticity

On-demand computing

Availability zones

Resiliency virtualization

Pay-as-you grow

Resource pooling

What are two elements that together distinguish the cloud from a traditional data center operation? (Choose two.)

Load balancing

Automation

Autoscaling groups

Virtualization

Dawn is interested in selecting a community cloud provider that offers a specialized financial reporting application. What type of cloud model would you recommend Dawn investigate to meet her requirements?

IaaS

PaaS

SaaS

CaaS

Carol is a cloud customer that your consulting company is assisting with their migration. She is asking you about the demarcation point of operations for her public PaaS service. Which of the following defines what you are responsible for and the responsibility of the provider?

Availability zones

Community

Shared responsibility model

Baselines

Jonathan is architecting his client's global public cloud presence for an upcoming e-commerce deployment. You have been brought on to help design the network. He asks about providing local connections in Singapore and Malaysia. What would you suggest that he investigate?

Regions

Auto-scaling groups

Availability zones

Global DNS affinity

Zale is working on a collaborative project that requires the implementation of a large-scale NoSQL database that will access three petabytes of historical data. He needs durable block storage in remote flash arrays. You have been tasked with designing the storage connectivity from the database to the stored data. What type of network connection would you recommend for NoSQL read/write access to the arrays?

Block access

Zoning

VMFS

SAN

Physical resources are virtualized and presented as resources to virtual machines running on hypervisors. What common resources does the hypervisor virtualize? (Choose three.)

Layer 2

RAM

Layer 3

CPUs

RAID

Storage

As a new Cloud+ professional, you have been hired by a company that operates its own data center; however, the company is calling it a cloud. What delivery model are you working with?

Hybrid

Public

Private

Community

Tim just logged into his cloud management dashboard to check the health monitors of his server fleet. What is the process that he completed at login?

Authorization

Accounting

Authentication

Federation

Identity access

Martha is studying SAN technologies that use the Fibre Channel protocol, and she is asking about disk configuration in the remote storage array. She asks you which type of storage she can use on her Linux servers. What storage type can she deploy? (Choose the best answer.)

Meta

Object

Block

File

Patesh is becoming familiar with the interfaces available for his operations team to use to access his hybrid cloud deployment. You have been asked to explain the common types of user-based interfaces available to manage cloud objects. What are the common interfaces that you would explain to Patesh? (Choose three.)

Web console

SNMP

API

PaaS

CLI

You work for a company that offers cloud services to the railroad industry. All railroads have a similar set of requirements and access the same applications. BigWest Rail has contacted you about becoming a customer and is asking what applications are shared with other rail operators. They also ask what type of cloud model your company offers. What type of cloud is this?

Hybrid

Public

Private

Community

Kevin is exploring a durable block storage option that offers high performance. It also needs to support striping that allows a parity bit to be used to reconstruct a volume if a single magnetic disk fails in his array. Which storage type stripes file data and performs a parity check of data over multiple disks that can recover from a single hard disk failure?

RAID 0

RAID 1

RAID 3

RAID 5

You are involved in a large-scale migration project that requires moving a Windows OS running on a dual-slot, eight-core server with no hypervisor in a data center to a virtual server in the public cloud. What type of migration is this?

vMotion

P2V

Private to public

V2V

Synchronous replication

You have been asked by a new customer what type of authentication systems require something that you have and something that you know. What type of authentication technology would you recommend?

Single sign-on

Confederations

Active Directory/LDAP

Multifactor

Beatriz stops at her bank's ATM on her way home from work. She inserts her card into the ATM and then enters her PIN on the keypad. What type of authentication is she using?

SSO

Two-factor

LDAP

User-based

Roman is the cloud administrator for a company that stores object-based data in a hybrid cloud. Because of the sensitivity of the data and various regulatory restrictions on allowing users access to sensitive security data, what type of access control would meet his security policies?

Mandatory access control

Nondiscretionary

Roles

Multifactor

William is implementing an access control rollout for a cluster of Windows SQL database servers in a hybrid cloud environment. Developers will need full read/write access to the database servers, whereas other business units will need read-only access to particular databases. What type of access control should William deploy?

Mandatory access control

Nondiscretionary

Role-based

Multifactor

Quentin is a defense contractor investigating server compliance requirements needed to be certified to meet the U.S. Department of Defense security requirements for contractors. What requirement would you recommend that he focus on?

FedRAMP

DIACAP

FISMA

Section 405.13 for DoD rule A286

Leanna wants to deploy a public cloud service that allows her to retain responsibility only for her applications and requires the cloud provider to maintain the underlying operating system and virtualized hardware. Which service model would you recommend that she implement?

IaaS

PaaS

SaaS

CaaS

Robert is configuring a new cloud interconnect to access his locally hosted Active Directory services. He wants to prevent his user base from having fragmented rights and no unified authorization services. You are brought in as a service consultant to assist in optimizing and controlling user access by implementing a technology that will give access to all allowed systems at the time of user authentication. What type of system are you deploying?

Token-based 2FA

SSO

RSA

Nondiscretionary

Cathy is preparing her company's migration plan from a private to a hybrid cloud. She wants to outline firewall and DDoS requirements. What document should she create?

DIACAP

Security policy

Service level agreement

SOC-2

Perry is investigating options for interconnecting a private cloud to a new public cloud region that supports analysis of customer-streamed IoT data. He is planning on implementing a tunnel across the Internet to interconnect the two locations to avoid the high costs of a dedicated interconnection. What transport protocol would you suggest that can offer a secure connection across the unsecure Internet?

AES

SOC-3

IPsec

RC5

Jarleen is a consultant tasked with migrating Health Med Records Inc. customer records to a cloud-based service offering a long-term archival system. Which U.S. compliance mandate must her company align with?

SOC 3

HIPAA

MPAA

ISA 2701

Fluentes is a security consultant for a day trading company that must implement strong encryption of data at rest for their cloud storage tiers. What is the best option that meets most security regulations for the encryption of stored data?

3DES

RSA

AES-256

Rivest Cipher 5

Randy is developing a new application that will be deployed in an IaaS-based public cloud. He builds a test image and deploys a test VM in his private cloud's development zone. When he stops and restarts one of the Linux-based servers, he notices that his storage volume data is missing. What type of storage exhibits this behavior? (Choose two.)

Durable

RAID

Ephemeral

Nondurable

Block

Object

Matt has finished running some security automation scripts on three newly deployed Linux servers. After applying intrusion detection, virus, and malware protection on the Linux images, he notices an increase in which VM metric on his server management dashboard?

DMA

BIOS

CPU

IPsec

I/O

Jill works in the operations center, and she is tasked with monitoring security operations. What cloud-based GUI can she use for a real-time overview of security operations?

Puppet automation

Gemalto system

Dashboard

Vendor-based security appliance

Larken is reviewing the SLA and statement of responsibility with his community cloud provider PaaS. To whom does the responsibility for stored data integrity in the cloud belong?

Cloud provider

Compliance agency

Cloud customer

Shared responsibility

Mindy has been tasked with developing a new QA test logging application, but she is concerned that the application must pull data from many different cloud locations and devices. What is a good interface for her to use to meet her requirements?

Python

XML

API

SNMP

TLS

What technology was instrumental in the growth of cloud services?

XML

Python

Automation

Authentication

Security

Workflow services

Encryption

Vicky is investigating multiple hacking attempts on her cloud-based e-commerce web servers. She wants to add a front-end security system that can actively deploy countermeasures that shut down the hacking attempts. What application would you suggest that Vicky deploy?

DMZ

IDS

IPS

RAID

HIDS

What options can you offer your user base for MFA tokens? (Choose two.)

One-time password

Smartphone app

Automation systems

Key fob

Cloud vendor management dashboard

Linda works in the IT security group of her firm and has been tasked with investigating options that will allow customers to access their personal records securely via the web. What is the most common in-flight e-commerce security protocol on the market?

MD5

SSL/TLS

IPsec

VPN

Your company has purchased a specialized intrusion prevention system that is virtualized and designed for cloud-based network micro-segmentation deployments. When reading the documentation, you notice a link to download a Java-based application to monitor and configure the IPS application. What kind of configuration program is this?

CLI

GIU

Vendor-based

API

RESTful

Name the type of software update that is designed to address a known bug and to bring a system up-to-date with previously released fixes.

Hotfix

Patch

Version update

Rollout

Your employer has developed a mission-critical application for the medical industry, and there can be no downtime during maintenance. You have designed a web architecture to take this into account and that allows you to have an exact copy of your production fleet that can be brought online to replace your existing deployment for patching and maintenance. What type of model did you implement?

Cluster

DevOps

Blue-green

Rolling

Jill is performing a Tuesday night backup of a Tier 2 storage volume of which she already completed a full backup on Sunday night. She only wants to back up files based on changes of the source data since the last backup. What type of backup is she performing?

Full

Differential

Incremental

Online

What virtual machine backup method creates a file-based image of the current state of a VM, including the complete operating system and all applications that are stored on it?

Full backup

Snapshot

Clone

Replicate

Ronald is a Cloud+ student studying systems that abstract and hide much of the complexity of modern cloud systems. What is he learning about?

Runbooks

Workflow

Orchestration

REST/API

What are common automation platforms? (Choose three.)

Chef

Cloud-patch

Ansible

DevOps

Puppet

Cloud Deploy

Marlene is updating her horizontally scaled Internet-facing web servers to remediate a critical bug. Her manager has agreed to operate under reduced computing capacity during the process but stipulates that there can be no downtime. What upgrade approach should Marlene perform to meet these requirements?

Orchestration

Rolling

Hotfix

Blue-green

What VM backup method can be used to create a master image to be used as a template to create additional systems?

Full backup

Snapshot

Clone

Replica

A new application patch is being validated prior to release to the public. The developers have a release candidate, and the DevOps manager is requesting a report that shows the pass/fail data to verify that the fix does, in fact, resolve the problem. What process is the manager verifying?

Rollout

Orchestration

Automation

QA

Jane has found a table merge issue in her SQL database hosted in a private cloud. While reviewing the log files, the vendor requested that she install a software change designed for rapid deployment that corrects a specific and critical issue. What are they referring to?

Hotfix

Patch

Version update

Rollout

To meet regulatory requirements, a medical records company is required to store customer transaction records for seven years. The records will most likely never be accessed after the second year and can be stored offline to reduce expenses. What type of storage should they implement to achieve this goal?

File transfer

Archive

Replication

Data store

Mark is creating a disaster recovery plan based on directives from his company's executive management team. His company's business is an e-commerce website that sells children's apparel, with 85 percent of its revenue received during the holiday season. If there was a severe disruption in operations, the loss of business could put the company's ongoing financial viability in peril. Mark is creating a plan that will restore operations in the shortest amount of time possible if there is an outage. What DR model is he implementing?

Hot site

Active/active

Warm site

Active/passive

Cold site

Rollover