A company's content management system (CMS) service runs on an laaS cluster on a public cloud. The CMS service is frequently targeted by a malicious threat actor using DDoS.
Which of the following should a cloud engineer monitor to identify attacks?
Correct Answer:A
To identify DDoS attacks against a CMS service, a cloud engineer should monitor network flow logs. These logs provide data about the IP traffic going to and from network interfaces in a public cloud, which is essential for detecting the increased traffic volumes typically associated with DDoS attacks. References: CompTIA Cloud+ Study Guide (Exam CV0-004) - Chapter on Security in the Cloud
Which of the following is a direct effect of cloud migration on an enterprise?
Correct Answer:D
Cloud migration typically results in a reduction of on-premises utility costs because the physical infrastructure requirements, such as power and cooling, are transferred to the cloud provider. This shift can lead to significant savings in utility expenses for the enterprise. References: CompTIA Cloud+ Guide to Cloud Computing (ISBN: 978-1-64274- 282-2)
A company wants to use a solution that will allow for quick recovery from ransomware attacks, as well as intentional and unintentional attacks on data integrity and availability. Which of the following should the company implement that will minimize administrative overhead?
Correct Answer:D
Implementing volume snapshots is an effective solution for quick recovery from ransomware attacks and protecting data integrity and availability. Snapshots capture the state of a storage volume at a point in time and can be used to restore data quickly with minimal administrative overhead.References: Data protection strategies like volume snapshots are discussed under cloud data management and protection in the CompTIA Cloud+ objectives.
Which of the following refers to the idea that data should stay within certain borders or territories?
Correct Answer:C
Data sovereignty refers to the concept that data is subject to the laws and governance structures within the nation it is collected or stored. It implies that regardless of where a company's data is stored, the data must comply with the laws of the country where it is physically located.References: The principle of data sovereignty is a critical consideration in international cloud services and is included in the governance, risk, and compliance domain of CompTIA Cloud+.
A cloud engineer is troubleshooting a connectivity issue. The application server with IP 192.168.1.10 in one subnet is not connecting to the MySQL database server with IP 192.168.2 20 in a different subnet. The cloud engineer reviews the following information: Application Server Stateful Firewall
Which of the following should the cloud engineer address lo fix the communication issue?
Correct Answer:C
The connectivity issue between the application server and the MySQL database server in different subnets is likely due to the MySQL Server Stateful Firewall's inbound rules. The application server has an IP of 192.168.1.10, but the MySQL server's inbound rules only permit IP 192.168.1.10/32 on port 3306. This rule allows only a single IP address (192.168.1.10) to communicate on port 3306, which is typical for MySQL. However, if the application server's IP is not 192.168.1.10 or the application is trying to communicate on a different port, it would be blocked. To fix the communication issue, the cloud engineer should address the inbound rules on the MySQL Server Stateful Firewall to ensure that the application server??s IP address and therequired port are allowed.References: Based on the information provided in the question and general networking principles.