Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. CompTIA
  3. CV0-004

CompTIA CV0-004 Exam (page: 2)
CompTIA Cloud+
Updated on: 12-Feb-2026

Viewing Page 2 of 44
CV0-004 PDF 247 Questions

A company's man web application is no longer accessible via the internet. The cloud administrator investigates and discovers the application is accessible locally and only via an IP access.
Which of the following was misconfigured?

  1. IP
  2. DHCP
  3. NAT
  4. DNS

Answer(s): D

Explanation:

When a web application is accessible locally via an IP address but not via the internet, the issue likely lies with the Domain Name System (DNS). DNS is responsible for translating domain names into IP addresses. A misconfiguration in DNS records or failure in DNS resolution can prevent users from accessing the application through its domain name, even though the application itself is running and accessible via its direct IP address.


Reference:

In the CompTIA Cloud+ curriculum, understanding cloud concepts and networking fundamentals, including DNS, is crucial for troubleshooting and ensuring applications are accessible and perform optimally in cloud environments.



A cloud engineer is provisioning a new application that requires access to the organization's public cloud resources.
Which of the following is the best way for the cloud engineer to authenticate the application?

  1. Access key
  2. API
  3. MFA token
  4. Username and Password

Answer(s): A

Explanation:

The best way to authenticate an application requiring access to an organization's public cloud resources is through the use of an access key. Access keys provide a secure means of authentication for applications and services without the need for interactive login credentials. This method is particularly useful for automated processes or applications that need to interact with cloud services programmatically, ensuring secure and efficient access control.


Reference:

CompTIA Cloud+ content emphasizes the importance of secure authentication mechanisms, such as access keys, in managing and securing access to cloud resources, aligning with best practices for cloud security and application deployment.



A security engineer Identifies a vulnerability m a containerized application. The vulnerability can be exploited by a privileged process to read tie content of the host's memory. The security engineer reviews the following Dockerfile to determine a solution to mitigate similar exploits:



Which of the following is the best solution to prevent similar exploits by privileged processes?

  1. Adding the USER myappuserinstruction
  2. Patching the host running the Docker daemon
  3. Changing FROM alpiner3.17 to FROM alpine:latest
  4. Running the container with the ready-only filesystem configuration

Answer(s): A

Explanation:

Adding the "USER myappuser" instruction to the Dockerfile is the best solution to prevent similar exploits by privileged processes. This instruction ensures that the container runs as a non-privileged user instead of the root user, significantly reducing the risk of privileged exploits. Running containers with least privilege principles minimizes the potential impact of vulnerabilities, enhancing the overall security posture of the containerized environment.


Reference:

The CompTIA Cloud+ framework includes security concerns, measures, and concepts for cloud operations, highlighting the importance of container security practices, such as running containers as non-root users to prevent unauthorized access and exploitation.



A cross-site request forgery vulnerability exploited a web application that was hosted in a public laaS network. A security engineer determined that deploying a WAF in blocking mode at a CDN would prevent the application from being exploited again. However, a week after implementing the WAF, the application was exploited again.
Which of the following should the security engineer do to make the WAF control effective?

  1. Configure the DDoS protection on the CDN.
  2. Install endpoint protection software on the VMs
  3. Add an ACL to the VM subnet.
  4. Deploy an IDS on the laaS network.

Answer(s): C

Explanation:

After a WAF deployment fails to prevent an exploit, adding an Access Control List (ACL) to the Virtual Machine (VM) subnet can be an effective control. ACLs provide an additional layer of security by explicitly defining which traffic can or cannot enter a network segment. By setting granular rules based on IP addresses, protocols, and ports, ACLs help to restrict access to resources, thereby mitigating potential exploits and enhancing the security of the IaaS network.


Reference:

CompTIA Cloud+ materials cover governance, risk, compliance, and security for the cloud, including the implementation of network security controls like ACLs, to protect cloud environments from unauthorized access and potential security threats.



A cloud engineer wants containers to run the latest version of a container base image to reduce the number of vulnerabilities. The applications in use requite Python 3.10 and ate not compatible with any other version. The containers' images are created every time a new version is released from the source image. Given the container Dockerfile below:



Which of the following actions will achieve the objectives with the least effort?

  1. Perform docker pull before executing docker run.
  2. Execute docker update using a local cron to get the latest container version.
  3. Change the image to use python:latest on the image build process.
  4. Update the Dockerfile to pin the source image version.

Answer(s): A

Explanation:

Performing a "docker pull" before executing "docker run" ensures that the latest version of the container base image is used, aligning with the objective of reducing vulnerabilities. This command fetches the latest image version from the repository, ensuring that the container runs the most up- to-date and secure version of the base image. This approach is efficient and requires minimal effort,

as it automates the process of maintaining the latest image versions for container deployments.


Reference:

Within the CompTIA Cloud+ examination scope, understanding management and technical operations in cloud environments, including container management and security, is critical. This includes best practices for maintaining up-to-date container images to minimize vulnerabilities.



Viewing Page 2 of 44



Share your comments for CompTIA CV0-004 exam with other users:

SkepticReader 8/1/2023 8:51:00 AM

question 35 has an answer for a different question. i believe the answer is "a" because it shut off the firewall. "0" in registry data means that its false (aka off).
UNITED STATES


Nabin 10/16/2023 4:58:00 AM

helpful content
MALAYSIA


Blessious Phiri 8/15/2023 3:19:00 PM

oracle 19c is complex db
Anonymous


Sreenivas 10/24/2023 12:59:00 AM

helpful for practice
Anonymous


Liz 9/11/2022 11:27:00 PM

support team is fast and deeply knowledgeable. i appreciate that a lot.
UNITED STATES


Namrata 7/15/2023 2:22:00 AM

helpful questions
Anonymous


lipsa 11/8/2023 12:54:00 PM

thanks for question
Anonymous


Eli 6/18/2023 11:27:00 PM

the software is provided for free so this is a big change. all other sites are charging for that. also that fucking examtopic site that says free is not free at all. you are hit with a pay-wall.
EUROPEAN UNION


open2exam 10/29/2023 1:14:00 PM

i need exam questions nca 6.5 any help please ?
Anonymous


Gerald 9/11/2023 12:22:00 PM

just took the comptia cybersecurity analyst (cysa+) - wished id seeing this before my exam
UNITED STATES


ryo 9/10/2023 2:27:00 PM

very helpful
MEXICO


Jamshed 6/20/2023 4:32:00 AM

i need this exam
PAKISTAN


Roberto Capra 6/14/2023 12:04:00 PM

nice questions... are these questions the same of the exam?
Anonymous


Synt 5/23/2023 9:33:00 PM

need to view
UNITED STATES


Vey 5/27/2023 12:06:00 AM

highly appreciate for your sharing.
CAMBODIA


Tshepang 8/18/2023 4:41:00 AM

kindly share this dump. thank you
Anonymous


Jay 9/26/2023 8:00:00 AM

link plz for download
UNITED STATES


Leo 10/30/2023 1:11:00 PM

data quality oecd
Anonymous


Blessious Phiri 8/13/2023 9:35:00 AM

rman is one good recovery technology
Anonymous


DiligentSam 9/30/2023 10:26:00 AM

need it thx
Anonymous


Vani 8/10/2023 8:11:00 PM

good questions
NEW ZEALAND


Fares 9/11/2023 5:00:00 AM

good one nice revision
Anonymous


Lingaraj 10/26/2023 1:27:00 AM

i love this thank you i need
Anonymous


Muhammad Rawish Siddiqui 12/5/2023 12:38:00 PM

question # 142: data governance is not one of the deliverables in the document and content management context diagram.
SAUDI ARABIA


al 6/7/2023 10:25:00 AM

most answers not correct here
Anonymous


Bano 1/19/2024 2:29:00 AM

what % of questions do we get in the real exam?
UNITED STATES


Oliviajames 10/25/2023 5:31:00 AM

i just want to tell you. i took my microsoft az-104 exam and passed it. your program was awesome. i especially liked your detailed questions and answers and practice tests that made me well-prepared for the exam. thanks to this website!!!
UNITED STATES


Divya 8/27/2023 12:31:00 PM

all the best
UNITED STATES


KY 1/1/2024 11:01:00 PM

very usefull document
Anonymous


Arun 9/20/2023 4:52:00 PM

nice and helpful questions
INDIA


Joseph J 7/11/2023 2:53:00 PM

i found the questions helpful
UNITED STATES


Meg 10/12/2023 8:02:00 AM

q 105 . ans is d
INDIA


Navaneeth S 7/14/2023 7:57:00 AM

i have interest to get a sybase iq dba certification
UNITED STATES


Aish 10/11/2023 5:27:00 AM

want to pass exm.
INDIA