An IT manager is migrating the production environment to the cloud but needs to keep control of the operating systems, patches, and settings of all resources. Which of the following deployment models will best meet the requirements?
Correct Answer:
C
Infrastructure as a Service (IaaS) is the deployment model that will best meet the requirements of retaining control over the operating systems, patches, and settings of all resources. IaaS provides the cloud infrastructure but leaves the management of the operating system and applications to the user.References: The cloud service models and the level of control they offer are fundamental topics in the CompTIA Cloud+ certification material.
An organization's internal security team mandated that public cloud resources must be accessible only by a corporate VPN and not by direct public internet access. Which of the following would achieve this objective?
Correct Answer:
C
A Virtual Private Cloud (VPC) allows users to create a secluded section of the public cloud where resources can be launched in a defined virtual network. This enables an organization to have a section ofthe cloud that is secured and isolated from the public internet, thus, access to public cloud resources can be restricted to only a corporate VPN. References: CompTIA Cloud+ Study Guide (Exam CV0-004) - Chapter on Cloud Security
A cloud administrator deploys new VMs in a cluster and discovers they are getting IP addresses in the range of 169.254.0.0/16. Which of the following is the most likely cause?
Correct Answer:
A
IP addresses in the range of 169.254.0.0/16 are Automatic Private IP Addressing (APIPA) addresses, which devices assign themselves when they are configured to obtain an IP automatically but are unable to reach a DHCP server to get one. The most likely cause for VMs in a cluster to receive APIPA addresses is the exhaustion of the DHCP scope, meaning there are no more available IP addresses in the DHCP range to be assigned.
SIMULATION
A company hosts various containerized applications for business uses. A client reports that one of its routine business applications fails to load the web-based login prompt hosted in the company cloud.
INSTRUCTIONS
Click on each device and resource. Review the configurations, logs, and characteristics of each node in the architecture to diagnose the issue. Then, make the necessary changes to the WAF configuration to remediate the issue.
Web app 1
Web app 2
Web app 3
Web app 4
Client app
Solution:
The issue is with Web app 1 (Finance application).
From the WAF logs, we can see that requests to https://webapp1.comptia.org/FIN/login.htmlare being blocked (Rule ID 1006). The rule is configured to block access to the finance application's login page. This corresponds to the reported issue of the web-based login prompt not loading.
To remediate the issue, the WAF configuration for Rule ID 1006 should be changed from "Block" to "Allow". This will enable the web-based login prompt to load for the client. Additionally, the client app configuration indicates that the client laptop (IP 192.168.10.142) is trying to access the service, and the WAF logs show that requests from this IP are being blocked due to the current rule set. Changing the action for Rule ID 1006 will also ensure that legitimate attempts to access the login page from this IP are not blocked.
Steps for remediation:
✑ Go to the WAF configuration.
✑ Find Rule ID 1006 for the Finance application 1.
✑ Change the action from "Block" to "Allow".
✑ Save the changes.
References:
✑ Web application firewall (WAF) configurations typically include rules that define which traffic should be allowed or blocked. Blocking legitimate traffic to login pages can prevent users from accessing the application, which seems to be the case here.
✑ Client application configurations and WAF logs provide valuable insights into the source of the traffic and the rules that are affecting it. It's important to ensure that the rules align with the intended access policies for the application.
Does this meet the goal?
Correct Answer:
A
A company is developing a new web application that requires a relational database management system with minimal operational overhead. Which of the following should the company choose?
Correct Answer:
B
For a new web application that requires a relational database management system with minimal operational overhead, the company should choose a managed SQL database on the cloud. Managed databases provide automated backups, patching, and other management tasks, reducing the administrative burden.References: The use of managed services, like managed databases, to minimize operational overhead is a strategic decision in cloud computing covered in CompTIA Cloud+.
