SkillTestPro | CompTIA CloudNetX Practice Test 4

CompTIA CloudNetX Practice Test 4

CompTIA CloudNetX Practice Tests

1 / 10

A cloud security engineer wants to continuously assess and improve the security configuration of cloud workloads. Which approach is best?

Manually reviewing security logs on a weekly basis

Disabling security features to improve performance

Relying on the default security settings provided by the cloud provider

Implementing a cloud security posture management (CSPM) solution

Running periodic security assessments without automated monitoring

2 / 10

A cloud administrator is designing a hybrid network and needs to avoid IP address conflicts between on-premises and cloud networks. What is the best solution?

Enabling network address translation (NAT) on all cloud instances

Using non-overlapping private IP address ranges with subnet planning

Assigning public IP addresses to all cloud workloads

Relying on dynamic host configuration protocol (DHCP) for cloud instances

Configuring cloud workloads with duplicate IPs and relying on routing rules

3 / 10

A company must encrypt sensitive customer data in a multi-cloud environment. What is the best approach to ensure security and compliance?

Relying on cloud provider-managed keys without additional controls

Encrypting data only when stored but not during transmission

Using a centralized cloud key management system (KMS) with role-based access

Storing encryption keys within the same cloud storage bucket as the data

Using a single static encryption key for all workloads

4 / 10

A cloud-hosted application experiences frequent distributed denial-of-service (DDoS) attacks. What is the most effective way to mitigate these attacks?

Blocking all incoming traffic except from whitelisted IPs

Increasing the bandwidth allocation for the affected application

Disabling content delivery networks (CDNs) to reduce attack surface

Deploying additional instances of the application in different regions

Using a cloud-based DDoS protection service that scales dynamically

5 / 10

A security team wants to analyze traffic between cloud-based workloads to detect anomalies. What is the most effective method?

Enabling promiscuous mode on all virtual network interfaces

Forcing all traffic to route through an on-premises security appliance

Deploying a virtual network tap to capture and inspect packets

Blocking all encrypted traffic to allow deep packet inspection

Allowing only unicast traffic and blocking multicast

6 / 10

A cloud administrator needs to automate network configurations across multiple cloud providers. Which technology provides the most efficient solution?

Manual configuration of network settings in each cloud provider’s console

Deploying hardware-based networking appliances in each cloud region

Using a VPN to interconnect different cloud provider networks

Infrastructure as Code (IaC) using Terraform or CloudFormation

Writing shell scripts to run networking commands on virtual machines

7 / 10

A cloud application is exposing RESTful APIs to external partners. Which security mechanism best ensures that only authorized clients can access these APIs?

Allowing unrestricted access but monitoring traffic logs

Using public-key infrastructure (PKI) to encrypt all responses

Implementing a firewall rule to allow only one external IP address

Requiring API keys with role-based access control

Relying solely on TLS encryption for security

8 / 10

A security team is deploying an intrusion detection and prevention system (IDS/IPS) in a cloud environment. What is the best approach to minimize impact on application performance?

Implementing IDS/IPS on each virtual machine independently

Using a single centralized on-premises IDS/IPS for cloud traffic

Running IDS/IPS on a separate cloud region to balance the load

Scanning network packets only during off-peak hours

Deploying a cloud-native IDS/IPS service that scales automatically

9 / 10

A business experiencing high latency between its on-premises data center and cloud workloads wants to optimize performance. Which solution would be the most effective?

Implementing a direct cloud interconnect with a dedicated fiber link

Using a VPN tunnel over a standard broadband internet connection

Increasing the number of public IP addresses for cloud workloads

Enabling compression on application-layer traffic

Switching from IPv6 to IPv4 for compatibility reasons

10 / 10

A company wants to ensure that all traffic between its cloud-based workloads adheres to strict security policies while allowing flexibility for scaling. Which approach best enforces this requirement?

Using static firewall rules configured on each virtual machine

Deploying physical security appliances in the cloud provider’s data center

Implementing a cloud-native network policy engine

Enabling universal outbound internet access for automated updates

Applying deny-all policies and manually allowing necessary traffic

Your score is

The average score is 0%