50 comptia cloud+ practice exam Practice Questions: Question Bank 2025

A company wants to improve application resiliency in the cloud. The application must remain available even if one availability zone fails, and the company wants minimal changes to the application code. Which design BEST meets this requirement?

An administrator needs to enforce consistent configurations for cloud VMs and quickly rebuild servers when needed. Which approach is MOST aligned with cloud best practices?

A cloud engineer needs to secure administrative access to a set of Linux VMs. Which action is the BEST security practice?

A service desk receives alerts that a cloud-hosted web application is responding slowly. CPU and memory utilization are normal, but disk I/O wait time on the VM is consistently high. Which action should be performed FIRST?

A company is migrating an internal application to the cloud. The app requires connectivity to an on-premises database with predictable latency and should not traverse the public internet. Which solution BEST meets these requirements?

A cloud operations team wants to reduce the impact of a compromised application server. The requirement is to prevent the server from initiating outbound connections except to required update repositories and internal logging endpoints. What is the BEST control to implement?

A team is deploying a new microservices application using containers. They want automated rollouts, health-based restarts, and horizontal scaling without managing individual container hosts. Which solution BEST meets these goals?

A cloud administrator needs to support an application with unpredictable traffic patterns. The goal is to maintain performance while controlling cost, and scaling should occur automatically based on demand. Which approach is BEST?

A security audit finds that developers can create IAM policies granting full administrative privileges and attach them to any role. The company wants to prevent privilege escalation while still allowing developers to manage resources within their projects. Which solution is MOST appropriate?

After migrating an application to the cloud, users report intermittent connectivity timeouts. Monitoring shows packet loss between on-premises clients and the cloud subnet. The cloud VMs can reach the internet and communicate within the cloud VPC/VNet. Which is the MOST likely cause?

A cloud administrator needs to ensure new virtual machine instances always receive the latest security patches at first boot without manually updating images each week. Which approach BEST meets this requirement?

A company is designing a cloud network with public web servers and private database servers. Which design BEST supports the principle of least privilege?

A cloud engineer needs to quickly verify whether a set of cloud resources is tagged according to policy (e.g., cost center and owner) without modifying any resources. What is the MOST appropriate first step?

A development team wants to reduce deployment failures caused by configuration drift between environments. Which practice BEST addresses this issue in a cloud environment?

After migrating an application to cloud object storage for static content, users report intermittent failures loading images. Logs show HTTP 403 errors when requesting certain objects. Which is the MOST likely cause?

A security team must ensure that administrators use short-lived credentials to manage cloud resources and that all actions are traceable to individual identities. Which solution BEST meets these requirements?

A cloud administrator is planning maintenance on a cluster. They need to upgrade instances with minimal downtime and the ability to roll back quickly if errors occur. Which deployment strategy is MOST appropriate?

A cloud operations team notices that application response times are increasing during peak usage, but CPU utilization on instances remains low. Which metric would be MOST useful to review NEXT to identify the bottleneck?

A regulated organization must ensure that database backups are protected from ransomware and accidental deletion, including by privileged administrators, for a defined retention period. Which approach BEST satisfies this requirement?

A company is designing a multi-region cloud architecture for a customer-facing API. The requirement is to continue operating if an entire region becomes unavailable, while keeping data consistent enough to avoid duplicate transactions. Which design BEST balances availability and consistency for this scenario?

A cloud administrator needs to ensure that all API calls to the organization’s cloud resources are authenticated and authorized using a centralized identity source. Which solution best meets this requirement?

A company wants new virtual machines to automatically register with monitoring, apply security baselines, and install required agents at first boot. Which approach is the MOST appropriate?

A cloud operations team wants to reduce mean time to detect (MTTD) performance issues for a web application. Which action is MOST effective?

An organization must prevent public exposure of sensitive objects in cloud storage while still allowing internal application access. Which control is MOST appropriate?

A company is deploying a multi-tier application to the cloud. The database tier must not be reachable from the internet, but the web tier must be publicly accessible. Which network design BEST meets the requirement?

A DevOps team wants to deploy infrastructure changes consistently across multiple environments (dev/test/prod) and reduce configuration drift. Which solution is MOST appropriate?

Users report intermittent timeouts when accessing an application hosted behind a load balancer. Monitoring shows one backend instance has significantly higher latency than others. What is the BEST next step to reduce user impact while troubleshooting continues?

A regulated organization must ensure encryption keys used by cloud services are not accessible to the cloud provider’s administrators and that key usage is fully auditable. Which solution BEST meets these requirements?

A global application must remain available even if an entire region becomes unreachable. The solution must minimize recovery time while keeping data consistent enough for transactional workloads. Which design is MOST appropriate?

After migrating a workload to a cloud environment, the security team discovers that east-west traffic between application components is unencrypted. They need a solution that provides encryption in transit with minimal application code changes and supports identity-based policies between services. What should the team implement?

A cloud engineer wants to prevent misconfigurations by ensuring that all new storage buckets are encrypted and disallow public access at creation time. Which approach is BEST?

A company wants to reduce recovery time after a regional outage by keeping critical workloads running in multiple regions at the same time. Which design BEST meets this requirement?

A development team reports that their new container images are failing vulnerability checks in the CI pipeline. What is the MOST appropriate next step to reduce recurring failures?

A cloud administrator wants to quickly determine whether an application outage is caused by the cloud provider or by the company's own configuration changes. Which document should the administrator check FIRST?

A company is deploying an application across multiple availability zones. Users report intermittent connection failures, and logs show sessions dropping when traffic shifts zones. Which solution BEST addresses this issue?

A deployment pipeline provisions infrastructure using templates. After a change, production resources were accidentally created in the wrong network segment. Which control BEST prevents this from recurring?

A cloud operations team needs to ensure only approved VM images can be deployed across the organization. Which solution BEST meets this requirement?

An application running on VMs is experiencing unexpected cost increases. Monitoring shows CPU utilization averages 10% but memory utilization is consistently 85%. What is the BEST next step to optimize costs without sacrificing performance?

A private cloud uses an overlay network for tenant isolation. After deploying a new compute host, several tenant VMs on that host cannot reach VMs on other hosts, but same-host communication works. Which is the MOST likely cause?

A regulated organization must ensure that encryption keys for cloud storage are not accessible to the cloud provider administrators. Which solution BEST satisfies this requirement?

A cloud administrator needs to ensure a web application automatically scales out during traffic spikes and scales in when demand drops, without manual intervention. Which capability best meets this requirement?

A company is migrating a multi-tier application to the cloud and wants to restrict database access so only application servers can connect to it. Which control is the BEST choice?

An operations team is standardizing how they deploy identical VM configurations across multiple environments. Which approach is MOST appropriate to ensure repeatable deployments?

A company wants to reduce risk when deploying new application releases by shifting a small percentage of user traffic to the new version and gradually increasing it if metrics look healthy. Which deployment strategy is being used?

A security engineer needs to ensure all API calls to a cloud management plane are verifiable and cannot be repudiated later. Which control BEST addresses this requirement?

A cloud workload runs in private subnets and must access the internet to download updates, but inbound connections from the internet must not be allowed. Which solution BEST meets this requirement?

A monitoring system shows normal CPU and memory utilization on a VM hosting an application, but users report slow response times. The VM's disk queue length is consistently high. What is the MOST likely cause?

An organization uses ephemeral instances that are frequently created and destroyed. They need a secure way for workloads to access cloud resources without embedding long-lived secrets in images or code. What is the BEST solution?

After migrating to a hybrid architecture, users report intermittent authentication failures to an application hosted in the cloud that relies on an on-premises directory service. Network connectivity appears stable. Logs show authentication requests timing out during peak usage. Which design change is MOST likely to resolve the issue while improving resiliency?

A support team needs to ensure production incidents can be analyzed later, even if workloads are terminated or scaled in. Which operational practice BEST supports this requirement?