Home > Cloud Computing > Quizzes > CompTIA Cloud+ CV0-002 Exam: Cloud Security Best Practices    
CompTIA Cloud+ CV0-002 Exam: Cloud Security Best Practices    
Fast practice, instant feedback. Timer auto-submits when time’s up.
Avg score: 0% Most missed: “You are negotiating SLA support details with a public cloud provider. Which type…”
Topics:     - Cloud Security Engineering     - Security Governance and Strategy     - Vulnerability Management     Malicious users and malware often target public cloud providers because they host many tenants sharing pooled resources. However, most public cloud providers achieve third-party security accreditations, which is a prerequisite to doing business with larger enterprises.     Cloud consumers still have plenty of security issues to contend with, including host and network hardening as well as proper user account and data governance. Periodic security testing is key to... Show more
CompTIA Cloud+ CV0-002 Exam: Cloud Security Best Practices    
Time left 00:00
25 Questions

1. Laura is a Linux server administrator. Your company runs an HR payroll system on the Linux servers. At a recent IT meeting, Laura suggested being granted permissions to clear Linux server logs as their size reaches a specific size. Which security principle is violated if Laura is given the ability to clear Linux server logs?
2. Which type of testing best simulates external malicious users?
3. Which industry standard is used to rank IT security weaknesses?
4. Refer to Figure 11-4. Which functionality could be adversely affected?
5. IT administrators within the organization are conducting penetration tests against the organization’s cloud IT systems. What type of testing is this?
6. Which type of policy dictates that user accounts be temporarily disabled after too many incorrect login attempts?
7. Which of the following is commonly performed as part of a vulnerability assessment?
8. You are negotiating SLA support details with a public cloud provider. Which type of policy should you consult during negotiations?
9. Due to regulatory compliance, your organization’s security policies require firewall rules on all cloud networks. You need to allow inbound Windows and Linux management traffic. Which ports must be opened in the firewall?
10. Which type of testing identifies weaknesses and actively exploits them?
11. Which of the following actions violates the principle of least privilege?
12. Which three phases constitute the vulnerability scanning process?
13. You are using PowerShell to configure a host-based firewall on a Windows server. RDP administrative traffic must be allowed to reach the host. Which command should you issue?
14. Which of the following are industry-specific regulatory frameworks?
15. You receive an alert notification that one of your cloud servers has been receiving excessive amounts of network traffic from hosts with different IP addresses for the past hour. What type of attack is most likely taking place?
16. What type of testing involves user deception?
17. Which type of testing is executed by developers who wrote the code?
18. Sensitive cloud virtual machines are grouped together on a cloud network called HQApp. Two public websites will be deployed. One of the websites will require access to resources on the HQApp network. What strategy should be employed?
19. You need to automate file system permission management. Which Windows command should you use?
20. A user sends jokes to a large number of users through the organization’s cloud mail system. What type of policy violation is this?
21. Which term best describes Figure 11-2?
22. Your website has experienced numerous DoS attacks over the past month. What should you do to mitigate future attacks?
23. Which of the following is the most likely to determine whether quick or slow cloud storage is used for files?
24. Which type of testing is executed with no knowledge of how systems have been implemented?
25. Which term is most closely associated with ACLs?