CompTIA Cloud+ Practice Test (CV0-004)

A standardized single sign-on approach enables users to authenticate once, with their attributes accepted across multiple systems. This eliminates extra accounts for each clinic. Extending local directories keeps a single password policy but will not unify different locations under one process. Replicating accounts introduces unnecessary delays and management headaches. Allowing widespread privileges is risky and lacks control.

A manual method is the best choice for this scenario because it allows the team to directly manage resource allocation themselves, which is ideal for environments with unpredictable usage and a requirement for direct oversight. A triggered approach is not suitable because it relies on automation and performance metrics, which the environment lacks. A scheduled process would not work for unpredictable usage patterns as it operates on a fixed timetable. A vertical strategy describes the type of scaling (increasing resources like CPU or RAM on a single server) rather than the approach for initiating it. The question asks for the approach to handling capacity changes, making the manual method the correct answer.

A setup that retains essential infrastructure while not running routine operations is ideal for balancing cost and downtime. The partially configured option with some basic components standing by can be activated moderately quickly, unlike a location that demands large-scale restoration. A near-exact duplicate is more expensive and is usually prepared for immediate activation. A minimally equipped location is not ready for swift usage. A managed off-site service with adjustable capacity is not strictly a location with hardware on standby.

VPN (Virtual Private Network) forms an encrypted tunnel that protects data as it moves across an external link. A transit gateway routes network segments but does not automatically encrypt traffic. A peering arrangement merges separate networks without creating an encrypted tunnel. An application load balancer balances incoming requests but does not encrypt an entire connection from source to destination.

The failures occur because cluster nodes still cache an old container image that lacks the files referenced by the updated manifests. Forcing the platform to pull the latest image refreshes local copies and replaces outdated component definitions, allowing the deployment to succeed. Changes to DNS, memory, or time synchronization do not influence which image version is used at launch.

Short-term credentials from a validation service reduce the risk of long-term misuse by limiting the timeframe in which they can be exploited. This approach helps ensure that compromised credentials are less useful. Storing credentials in environment variables or configuration files can risk prolonged exposure or unintentional sharing. Using a common repository that is managed externally might lead to weaker governance and slow rotation.

A virtual machine that is left active, has no owner, and keeps generating usage is commonly known as a zombie instance. An unused snapshot does not continuously use compute resources. A shared resource group has designated stakeholders. An expired license node would cease functionality. Hence, the scenario described matches a zombie instance.

Following recommended community-based checks ensures consistent, foundational settings across systems. This aligns with recognized standards that address a broad range of security needs, such as permissions, network configurations, and application settings. Other options focus on limited-scope measures, delayed responses, or sporadic reviews, which do not provide a continuous and comprehensive baseline.

The correct answer is incremental backup. An incremental backup only copies data that has changed since the last backup operation of any type (full or incremental). This method results in smaller, faster backup jobs compared to full or differential backups. A full backup copies the entire dataset each time it runs. A differential backup copies all data that has changed since the last full backup. A synthetic full backup is a separate process where a new full backup is created from a prior full backup and subsequent incrementals.

The most effective administrative control is establishing a robust security awareness program with mandatory training on secrets management. This directly addresses the root cause of the human error by educating employees on the risks and best practices for handling credentials. While integrating a secret scanning tool is a highly recommended technical control, the question specifically asks for an administrative control. Applying the principle of least privilege is a valid security measure, but completely revoking necessary access for a role is often impractical. Enforcing peer reviews is another useful administrative control, but it is not as foundational as training and relies on human reviewers who can also make mistakes.

Removing the trailing comma at the end of a group adheres to strict JSON formatting rules by ensuring that each object’s final pair has no extra punctuation. Using alternative brackets or adding other punctuation would not comply with the file’s structure, and single-line or angled bracket approaches break the syntax expected by JSON viewers. Maintaining the core style of double-quoted keys and curly braces is essential for successful parsing.

Phishing is a type of social engineering attack that uses fraudulent emails or messages appearing to be from a reputable source to trick individuals into revealing sensitive information, such as login credentials. DNS hijacking is a redirection attack where DNS queries are incorrectly resolved to send a user to a malicious website. Pretexting involves an attacker creating a fabricated scenario or pretext to build trust and manipulate a victim into divulging information. SQL injection is a code injection technique used to attack data-driven applications by inserting malicious SQL statements into an entry field for execution.

Introducing a token-based step for requests validates that clients have the right privileges before accessing data. Logging activity provides an audit trail but does not prohibit external calls. Storing credentials in source code is risky, exposing them if the code is leaked. Shutting down outside connections will stop legitimate users from using the service. Enforcing a request token policy ensures valid callers while preventing unauthorized ones.

A solution that uses a token from the external provider, rather than credentials, ensures the portal does not store or transmit users’ passwords. The other options keep or handle credentials in a way that fails to delegate access securely or forces the portal to manage sensitive data.

Using a container blueprint stored in a repository helps maintain a consistent environment by packaging dependencies in a lightweight manner, resulting in reduced resource consumption and simpler updates. VM templates consume more resources, archives with system libraries can increase overhead, and manual installation scripts leave more room for misconfiguration.

A canary deployment routes a small, representative subset of production traffic to the new release while the majority of users continue to use the existing version. This controlled exposure allows real-world monitoring of errors, latency, and user experience. If the metrics remain healthy, the percentage of traffic directed to the canary is gradually increased until the rollout is complete. Blue-green uses two fully provisioned environments and swaps traffic all at once, rolling updates replace instances in batches across the fleet, and an in-place update takes the entire service offline while code is replaced-none of these initially limits exposure to only a few percent of users.

This scenario is driven by a discrete event-the user sign-up-so it uses event-triggered (event-based) scaling. Manual scaling requires a cloud administrator to change capacity directly, scheduled scaling follows a predetermined timetable, and load-based (metric or trending) scaling looks at resource-utilization metrics such as CPU or network traffic rather than a specific occurrence.

The correct service is sentiment analysis, which is used to interpret and classify the emotional tone (positive, negative, or neutral) within text data. This allows the engineer to gauge public perception from customer feedback. Topic clustering groups texts by subject matter, not by emotional content. Language translation converts text from one language to another without evaluating its tone. Visual recognition is used to identify objects, people, or text within images and videos, which is not relevant for analyzing text-based comments.

A cold or archive object-storage tier (for example, AWS S3 Glacier or Azure Blob Cold) is designed for data that is rarely read yet must be retained for long periods. It offers the lowest per-gigabyte cost and supports compliance features such as object-lock/WORM. In-memory replication targets high-throughput, low-latency workloads and is far more expensive. High-performance SSD block storage also costs significantly more per gigabyte than cold/archive tiers. Deleting data after 90 days violates the seven-year retention requirement, so it fails to meet the business objective.

The primary purpose of version control is to maintain a complete history of changes. This history is crucial for rolling back to a previously known-good configuration if a latent bug or issue is discovered in the current version. Deleting older versions removes this safety net, making disaster recovery and troubleshooting significantly more difficult. While deleting history might also make it harder for new team members to understand the project's evolution, the inability to perform a rollback is a more immediate and critical operational risk.