comptia cloud+ practice exam Advanced Practice Exam: Hard Questions 2025

A SaaS provider is designing a multi-region active/active architecture for a stateless web tier and a stateful order-processing service. The business requires an RPO near zero and an RTO under five minutes. The data layer uses a managed relational database that supports cross-region replication but the application writes must remain strongly consistent for inventory decrements. Which architecture choice best meets the requirements with the fewest consistency-related failure modes?

A company is migrating a monolithic application to microservices on a managed Kubernetes platform. The security team mandates workload isolation between payment-processing pods and general application pods, and requires that east-west traffic be restricted to only explicitly allowed service-to-service communication. The cluster spans multiple nodes and namespaces. Which approach most directly satisfies the requirement with least operational overhead?

A regulated enterprise uses a cloud key management service (KMS) with customer-managed keys (CMKs) to encrypt object storage. Auditors require proof that cloud administrators cannot decrypt sensitive data without explicit approval and that all key usage is immutably logged. Which design best meets these requirements?

A company is adopting IaC for a large cloud footprint. A recent incident occurred when an engineer applied a change that inadvertently destroyed and recreated a managed database, causing extended downtime. The team wants to prevent destructive changes in production while still allowing rapid iteration in dev/test. Which combination is the most effective control set?

An organization runs a globally distributed API behind a CDN and a regional load balancer. After deploying a new version, some users report receiving mixed responses: old and new API behavior within the same session. The deployment used a blue/green approach, and the team updated DNS records to point to the new load balancer. Which is the MOST likely cause of the mixed behavior and the BEST immediate mitigation?

A platform team runs managed Kubernetes and wants to introduce a service mesh to standardize mTLS, traffic shaping, and distributed tracing across hundreds of services. They must minimize latency impact and operational complexity, and they cannot mandate code changes across all services immediately. Which rollout strategy is MOST appropriate?

A cloud operations team needs to implement an SRE-aligned monitoring strategy for a customer-facing application. The app has strict availability targets and frequent deployments. Leadership complains that the team pages too often for non-customer-impacting issues. Which approach BEST reduces alert fatigue while maintaining reliability?

A company must demonstrate compliance with data retention policies for logs generated by cloud services and workloads. Requirements include: centralized collection, long-term retention, immutability, and the ability to run ad hoc queries without modifying original logs. Which solution BEST meets these requirements?

After migrating an application to cloud instances behind a load balancer, users intermittently experience timeouts only during peak traffic. Instance CPU is below 40%, but the number of established connections is near the OS limit. The app uses a thread-per-connection model and relies on a backend database. Which change is MOST likely to resolve the timeouts with the least risk of introducing data inconsistency?

A multi-tenant application uses object storage with pre-signed URLs for uploads. A security review finds that a tenant can sometimes access objects belonging to another tenant when using a pre-signed URL captured from logs. The URLs expire after 15 minutes. The team needs to remediate without removing pre-signed URLs. Which change is MOST effective?