View CV0-004 Exam Questions

Q: 1

Which of the following industry standards mentions that credit card data must not be exchanged or stored in cleartext?

Options

Discussion

Leo Feb 27, 2026 12:40 am

Option D

Sara L. Feb 18, 2026 2:07 pm

I don’t think it’s B. D is right because PCI-DSS specifically bans cleartext storage and transmission of cardholder data. GDPR covers general personal info, not this level of technical detail for credit cards.

Taylor Feb 16, 2026 5:07 pm

Yeah, that's D. PCI-DSS specifically requires credit card data to be encrypted and never stored or transmitted in cleartext. The other standards don't call this out as directly, pretty sure PCI is the one they want here.

Ben Mar 1, 2026 4:54 am

Pretty sure it's D. PCI-DSS is all about protecting cardholder data and says no cleartext allowed.

Neha Q. Feb 15, 2026 8:46 am

D (PCI-DSS). Saw this exact phrasing on some practice sets and PCI-DSS was always picked for credit card data rules.

Ajay Mar 2, 2026 6:25 pm

B/D? I keep seeing folks swap to B (GDPR) if they mention personal data instead of credit cards. For credit card data, D fits, but depending on wording, it can get tricky. Anyone else second-guess this?

QuietDev706 Mar 4, 2026 10:31 am

D imo, but that's only because they explicitly mention credit card data. If the question was about general personal or customer data, B (GDPR) could apply instead. Seen this wording on some practice sets where that switch totally changes the answer. Anyone else catch that nuance?

Jack K. Feb 28, 2026 10:11 am

D , PCI-DSS directly calls out credit card data in cleartext, not GDPR. SOC2 is a trap here.

PracticalConsultant9363 Feb 27, 2026 3:46 am

D seen similar question on practice before and PCI-DSS was correct.

SkepticalArchitect9201 Feb 13, 2026 5:55 am

D , but swap to B if they said personal data instead of credit cards.

Be respectful. No spam.

Correct Answer:

Explanation

The Payment Card Industry Data Security Standard (PCI-DSS) is a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment. A fundamental principle of PCI-DSS is the protection of cardholder data. Specifically, Requirement 3 mandates the protection of stored cardholder data, requiring the Primary Account Number (PAN) to be rendered unreadable wherever it is stored. Requirement 4 mandates the encryption of cardholder data during transmission over open, public networks. These requirements directly address the prohibition of exchanging or storing credit card data in cleartext.

Why Incorrect

A. CSA: The Cloud Security Alliance (CSA) provides research and best practices for cloud security (e.g., the Cloud Controls Matrix), but it is not a regulatory standard specifically for credit card data.

B. GDPR: The General Data Protection Regulation (GDPR) is a European Union regulation focused on the protection of personal data and privacy of EU citizens, not exclusively on payment card information.

C. SOC 2: A Service Organization Control 2 (SOC 2) report is an audit of a service organization's controls related to security, availability, processing integrity, confidentiality, and privacy, but it is not the specific standard governing credit card data.

References

1. PCI Security Standards Council. (2022). Payment Card Industry (PCI) Data Security Standard: Requirements and Security Assessment Procedures

Version 4.0. Page 48

Requirement 3.5.1 states

"Primary account number (PAN) is rendered unreadable wherever it is stored." Page 58

Requirement 4.2.1 states

"Strong cryptography and security protocols are used to safeguard PAN during transmission over open

public networks."

2. Amazon Web Services (AWS). (2024). PCI DSS Compliance. AWS Compliance Documentation. Retrieved from https://aws.amazon.com/compliance/pci-dss-level-1-faqs/. The documentation states

"The PCI DSS is a proprietary information security standard for organizations that handle branded credit cards from the major card schemes."

3. Microsoft Azure. (2024). Azure compliance documentation: PCI DSS. Microsoft Learn. Retrieved from https://learn.microsoft.com/en-us/azure/compliance/offerings/offering-pci-dss. The document clarifies

"The Payment Card Industry (PCI) Data Security Standards (DSS) is a global information security standard designed to prevent fraud through increased control of credit card data."

Q: 2

Two CVEs are discovered on servers in the company's public cloud virtual network. The CVEs are listed as having an attack vector value of network and CVSS score of 9.0. Which of the following actions would be the best way to mitigate the vulnerabilities?

Options

Discussion

Olivia Mar 3, 2026 2:55 pm

A not D, since patching actually removes the vulnerability rather than just blocking a port. Seen this on practice sets.

Liam F. Feb 22, 2026 9:45 pm

For me, A, but I'd review official CompTIA guide on patch management for confirmation.

Reese R. Feb 22, 2026 5:29 pm

Its A

LoganE Feb 21, 2026 8:20 am

A saw a similar question in practice and patching is always the main fix for CVEs like this.

Leo M. Feb 15, 2026 10:02 pm

BenP Mar 2, 2026 11:59 pm

D or A. I picked D because closing unnecessary open ports can block network-based exploits, especially when patching right away isn't an option. Might not fully remediate, though, since the underlying CVE is still there. Anyone else thinking D makes sense for quick mitigation?

Ryan T. Feb 21, 2026 12:27 am

A tbh, but I'd double-check exam practice and CompTIA docs for this scenario.

Nathan F. Feb 27, 2026 5:55 am

A is wrong, patching only works if vendor released a fix already. B.

LaylaB Mar 5, 2026 1:22 am

Patching (A) is the most solid approach here since it actually fixes the core vulnerability tied to the CVE. Disabling ports (D) helps limit attack surface but doesn't resolve the flaw itself, especially with a CVSS 9.0 and network vector. I think patching is always top priority for this scenario, unless there's some reason patching isn't possible right away-agree?

Drew Feb 18, 2026 8:46 pm

Be respectful. No spam.

Correct Answer:

Explanation

A Common Vulnerability and Exposure (CVE) identifies a specific, known software flaw. The standard and most direct method to remediate such a vulnerability is to apply the security patch released by the vendor. Given the critical CVSS score of 9.0 and a network attack vector, the vulnerability is remotely exploitable and poses a significant risk. Patching the operating systems directly addresses and eliminates the underlying security flaw, which is the most effective and appropriate mitigation strategy. This action is a fundamental component of vulnerability management and security hygiene.

Why Incorrect

Upgrading to beta software is not a recommended security practice for production systems as it is untested and likely contains its own bugs and vulnerabilities.

Encrypting operating system disks protects data at rest but offers no protection against a network-based attack that exploits a vulnerability in the running OS.

Disabling ports is a hardening measure but does not fix the vulnerability itself and may not be feasible if the flaw exists on a necessary, business-critical service.

References

1. National Institute of Standards and Technology (NIST) Special Publication 800-40r4 (Draft)

Guide to Enterprise Patch Management Planning: Preventive Maintenance for Technology. Section 2.1

"The Importance of Patch Management

" states

"Patch management is the process of identifying

acquiring

installing

and verifying patches for products and systems. Patches correct security and functionality problems in software and firmware." This establishes patching as the direct corrective action for vulnerabilities.

2. AWS Well-Architected Framework

Security Pillar (July 2023). Page 49

under "Vulnerability Management

" recommends

"Perform vulnerability scans and patching in a timely manner to reduce the attack surface... Automate patching to operating systems and applications to reduce the window of opportunity for an attacker." This highlights patching as a primary security control in a public cloud environment.

3. FIRST.org

Common Vulnerability Scoring System v3.1: Specification Document. Section 2.1

"Attack Vector (AV)

" defines the "Network" value

confirming the remote exploitability. Section 4

"Qualitative Severity Rating Scale

" categorizes a CVSS Base Score of 9.0-10.0 as "Critical

" underscoring the urgency for remediation.

4. Microsoft Azure Documentation

Remediate findings from Microsoft Defender for Endpoint. The documentation outlines the process for handling discovered vulnerabilities

stating

"After you've identified the devices at risk

you can remediate them with a security recommendation." These recommendations consistently prioritize applying vendor-supplied security updates (patches).

Q: 3

Which of the following communication methods between on-premises and cloud environments would ensure minimal-to-low latency and overhead?

Options

Discussion

Olivia F. Feb 20, 2026 1:17 am

I don’t think D fits here. C is the better pick since direct connection (like AWS Direct Connect or ExpressRoute) means dedicated line, much lower latency and overhead compared to anything internet-based. VPN adds encryption overhead and peering is usually just cloud-to-cloud, not on-prem. Pretty sure it’s C unless they throw in some security requirement.

FriendlyAuditor2746 Feb 25, 2026 8:24 pm

C tbh

Ravi S. Mar 4, 2026 3:26 am

C vs A. Direct connection (C) really does give lowest latency and basically no VPN encryption overhead. Site-to-site VPN (A) is common but the encryption adds a bit of delay. I’m pretty sure C matches what the question wants, unless there’s something about cost I missed.

Emma I. Feb 28, 2026 6:09 pm

Its A. Site-to-site VPNs are super common for this use case and I always see them mentioned for hybrid connections, plus the overhead isn't massive. Not 100% but direct connect feels like overkill here. Trap between A and C for sure.

Jack X. Mar 1, 2026 3:51 pm

C vs D? Peering looks tempting but that's usually for cloud-to-cloud links, not on-prem to cloud. Pretty sure C is intended here.

Mason Feb 26, 2026 12:54 pm

Grace K. Feb 22, 2026 2:46 pm

I’d pick A. Site-to-site VPN is used a lot for these setups, and overhead isn’t always that high in my experience.

Luna P. Mar 4, 2026 9:37 pm

Site-to-site VPN (A) looks good if you want something common and secure between on-prem and cloud. Practice tests always mention it, though official guide leans direct connect for latency.

Maya D. Feb 28, 2026 10:34 am

A or D? If a peering link is set up to directly extend on-prem routing into your cloud VPC (some hybrid setups offer that), you could argue D delivers minimal overhead too. But I think the question expects a more traditional setup, so I'm second guessing myself. Anyone else see this as a trick with peering?

AaronN Feb 28, 2026 12:44 am

Its C here. D is a trap since peering is for cloud-to-cloud, but the question says on-prem to cloud.

Be respectful. No spam.

Correct Answer:

Explanation

A direct connection, such as AWS Direct Connect, Azure ExpressRoute, or Google Cloud Interconnect, establishes a dedicated, private physical or logical network link between an on-premises data center and the cloud provider's network. By bypassing the public internet, this method avoids the variable performance, unpredictable routing, and congestion inherent to shared networks. This results in a highly consistent network experience with minimal latency and lower overhead compared to internet-based solutions like VPNs, which must contend with public network conditions and the processing overhead of encryption/decryption.

Why Incorrect

A. Site-to-site VPN: This method tunnels traffic over the public internet, which leads to unpredictable latency and performance. The encryption process also introduces computational overhead.

B. Peer-to-peer VPN: This is not the standard terminology for connecting an entire on-premises network to a cloud environment and still relies on the public internet, sharing the same drawbacks as a site-to-site VPN.

D. Peering: In a cloud context, this typically refers to connecting two virtual networks within the cloud (e.g., VPC Peering). It does not describe a dedicated connection from an on-premises location.

References

1. Microsoft Azure Documentation. (2023). What is Azure ExpressRoute? Microsoft Learn. In the "Benefits" section

it states

"ExpressRoute connections don't go over the public Internet. They offer more reliability

faster speeds

consistent latencies

and higher security than typical connections over the Internet."

2. Amazon Web Services Documentation. (2023). AWS Direct Connect FAQs. Under the question "How is AWS Direct Connect different from an IPsec VPN Connection?"

the documentation explains

"An IPsec VPN connection utilizes the internet... AWS Direct Connect bypasses the internet... [providing] a more consistent network experience than internet-based connections."

3. Google Cloud Documentation. (2023). Choosing a Network Connectivity product. The comparison table shows that for the requirement of "Lowest latency

" the recommended solution is "Dedicated Interconnect

" which is a direct connection. It explicitly contrasts this with Cloud VPN

which operates over the internet.

Q: 4

A cloud administrator needs to collect process-level, memory-usage tracking for the virtual machines that are part of an autoscaling group. Which of the following is the best way to accomplish the goal by using cloud-native monitoring services?

Options

Discussion

Ishaan W. Feb 13, 2026 3:33 am

B. not D. D only shows total VM memory, not process-level which the question asks for.

Chris U. Feb 27, 2026 5:59 pm

Option B

Daniel J. Mar 3, 2026 1:38 am

B or D? Had something like this in a mock, picked B for per-process detail.

TaylorF Mar 4, 2026 2:26 pm

Nora U. Mar 1, 2026 12:46 am

D , because enabling memory monitoring in the VM config seems like it should let you track usage without extra agents. But now I'm not sure if that gets down to process-level details. Anyone else tripped up by this wording?

Aisha O. Mar 2, 2026 4:42 pm

B tbh, since cloud-native memory monitoring (D) usually just gives you the total VM memory, not process-level info. Only deploying the agent gets you that detailed breakdown. I remember AWS and Azure both needing agents for this, correct me if that's changed.

Skyler V. Feb 26, 2026 9:15 pm

C or D here. Scripts can grab process-level memory stats and run on schedule, which I've seen in practice labs. Official guide mentions agent install more, but for quick data collection without extra software, a script could work too. Anyone see C used in practice tests?

Ben E. Feb 23, 2026 6:18 am

B , the monitoring agent is really the only cloud-native way to get actual process-level and memory usage. Official guides and labs both mention deploying these agents for deep OS stats. Open to other thoughts but that's what I've seen most in practice tests.

Piya C. Feb 22, 2026 10:23 pm

You'd need B for process-level details, since the built-in memory metrics (like in D) usually only show you the whole VM. The cloud-native monitoring agent gets inside the OS and grabs that per-process and memory info. Pretty sure that's how AWS and Azure do it, too. Let me know if I'm missing something from recent updates.

MeeraP Feb 17, 2026 6:19 pm

Looks like B is the way to go here. Native memory monitoring (like D) gives you overall usage but won't break it down by process, which is what the question wants. You need the agent installed inside the VM to get process-level stats-it's a classic trap to pick D just because it sounds easy. Pretty sure that's how AWS and Azure do it too, correct me if I'm wrong.

Be respectful. No spam.

Correct Answer:

Explanation

Cloud-native monitoring services (like AWS CloudWatch, Azure Monitor, or Google Cloud's operations suite) provide high-level metrics from the hypervisor by default, such as overall CPU utilization for a VM. However, to collect detailed in-guest operating system data, such as process-level memory usage, it is necessary to install a dedicated monitoring agent. This agent software runs inside the VM, collects the specified metrics directly from the OS, and sends them to the cloud monitoring service. For an autoscaling group, the agent is installed on the base machine image, ensuring all new instances automatically report these detailed metrics, making it the most effective and scalable solution.

Why Incorrect

A. Configuring page file/swap metrics: This only tracks the usage of virtual memory on disk, which is an indicator of memory pressure, not a direct measurement of memory usage by individual processes.

C. Scheduling a script to collect the data: This is a custom, non-native solution. While possible, it requires manual development and maintenance and is less integrated and reliable than using the purpose-built agent provided by the cloud platform.

D. Enabling memory monitoring in the VM configuration: This option typically enables hypervisor-level memory metrics, which report the total memory consumed by the VM as a whole, but lack the visibility to report on individual processes running inside the guest OS.

References

1. Amazon Web Services (AWS) Documentation. The CloudWatch agent is required to collect guest OS-level metrics. "By default

EC2 instances send hypervisor-visible metrics to CloudWatch... To collect metrics from the operating system or from applications

you must install the CloudWatch agent."

Source: AWS Documentation

"The metrics that the CloudWatch agent collects

" Section: "Predefined metric sets for the CloudWatch agent."

2. Microsoft Azure Documentation. The Azure Monitor agent is used to collect in-depth data from the guest operating system of virtual machines. "Use the Azure Monitor agent to collect guest operating system data from Azure... virtual machines... It collects data from the guest operating system and delivers it to Azure Monitor."

Source: Microsoft Learn

"Azure Monitor agent overview

" Introduction section.

3. Google Cloud Documentation. The Ops Agent is Google's solution for collecting detailed telemetry from within Compute Engine instances. "The Ops Agent is the primary agent for collecting telemetry from your Compute Engine instances. It collects both logs and metrics." The agent can be configured to collect process metrics.

Source: Google Cloud Documentation

"Ops Agent overview

" What the Ops Agent collects section.

4. Armbrust

et al. (2010). A View of Cloud Computing. This foundational academic paper from UC Berkeley discusses the challenges of cloud monitoring

implying the need for mechanisms beyond the hypervisor to understand application-level performance. The distinction between what the infrastructure provider can see (hypervisor-level) and what the user needs to see (in-guest) necessitates agent-based approaches for detailed monitoring.

Source: Communications of the ACM

53(4)

50-58. Section 5.3

"Monitoring and Auditing." DOI: https://doi.org/10.1145/1721654.1721672

Q: 5

A company's engineering department is conducting a month-long test on the scalability of an in- house-developed software that requires a cluster of 100 or more servers. Which of the following models is the best to use?

Options

Discussion

Ethan Feb 26, 2026 4:03 am

D . Only IaaS gives enough control to launch 100+ servers and set them up exactly how engineering wants. PaaS or SaaS just wouldn't let you tweak the base systems for this kind of scale test. Seen similar practice stuff point to D too.

Jack X. Feb 17, 2026 5:57 pm

Option D. Not totally sure but IaaS should fit since you need a bunch of servers for custom testing, right?

FocusedAuditor1430 Mar 2, 2026 11:07 am

B , saw a similar question in an official practice test and it tripped me up.

Arjun Feb 22, 2026 7:20 am

Not A, D is it here. Only IaaS handles full server clusters for custom setups like this test.

Aaron S. Feb 21, 2026 3:27 pm

So if they're spinning up 100+ servers just to test scaling on their own app, IaaS (D) is the only one that gives full control over the VMs and network. PaaS wouldn't let them customize that much. Pretty sure it's D but feel free to argue otherwise.

Sean J. Feb 13, 2026 2:52 am

D imo, but if they provided a managed clustering service the answer could flip to A depending on config details.

MeeraS Feb 24, 2026 2:40 am

C/D? Not 100 percent but those both seem plausible for clusters.

FriendlyDev8422 Feb 12, 2026 9:22 pm

C/D? Honestly, PaaS (A) can look tempting because it handles scaling for devs, but I think for 100+ custom server clusters where you control OS and networking, D (IaaS) is still safer. Could see A tripping folks though.

Noah R. Feb 28, 2026 6:00 pm

C or A for me. If the official guide covers anything about testing app scalability in cloud setups, PaaS sometimes shows up as best for deploying custom clusters quickly too. I know D is more flexible but not completely ruling out A.

Adam Mar 2, 2026 6:38 pm

Probably D, since IaaS lets you spin up a big custom server cluster and do full OS and network tweaks, which is what you'd want for a scalability test. Official study guides stress IaaS for this kind of use case. Pretty sure that's right, but someone might see PaaS as tempting.

Be respectful. No spam.

Correct Answer:

Explanation

Infrastructure as a Service (IaaS) is the most appropriate model as it provides fundamental computing resources, including virtual servers, networking, and storage. This gives the engineering department the maximum level of control needed to provision a large cluster of servers (100+), install custom operating systems and dependencies, and deploy their in-house software for a comprehensive scalability test. The on-demand, pay-as-you-go nature of IaaS is ideal for a temporary, month-long project, allowing the company to access massive computing power without the capital expense of purchasing physical hardware.

Why Incorrect

A. PaaS abstracts the underlying server infrastructure, which would limit the team's ability to control the environment and install the specific software stack required for their test.

B. SaaS provides ready-to-use software applications, not the underlying infrastructure needed to test a company's own custom-developed software.

C. DBaaS is a specialized service for managing databases. It does not provide the general-purpose server cluster needed to run the application itself.

References

1. Mell

& Grance

T. (2011). The NIST Definition of Cloud Computing (NIST Special Publication 800-145). National Institute of Standards and Technology.

Page 2

Section "Infrastructure as a Service (IaaS)": "The capability provided to the consumer is to provision processing

storage

networks

and other fundamental computing resources where the consumer is able to deploy and run arbitrary software

which can include operating systems and applications." This directly supports the need to deploy in-house software on a large number of servers.

2. Armbrust

Fox

Griffith

Joseph

A. D.

Katz

Konwinski

Lee

Patterson

Rabkin

Stoica

& Zaharia

M. (2009). Above the Clouds: A Berkeley View of Cloud Computing (Technical Report No. UCB/EECS-2009-28). University of California

Berkeley.

Page 5

Section 3.1: Discusses how IaaS enables "pay-as-you-go" access to infrastructure

which is ideal for short-term

large-scale needs like the month-long test described

a use case often termed "batch processing" or "elastic computing."

3. Microsoft Azure Documentation. (n.d.). What is Infrastructure as a Service (IaaS)?

Section "Common IaaS business scenarios": "Test and development. Teams can quickly set up and dismantle test and development environments

bringing new applications to market faster. IaaS makes it quick and economical to scale up dev-test environments up and down." This explicitly validates using IaaS for temporary

large-scale testing.

Q: 6

Which of the following container storage types loses data after a restart?

Options

Discussion

FocusedAuditor8027 Feb 26, 2026 10:37 pm

Don’t think D is right. C is the one that loses data when the container restarts, since ephemeral storage isn’t meant to persist. Not 100% sure since wording can be tricky, but leaning C here.

Aaron E. Feb 27, 2026 10:38 pm

Why not D? Seen similar wording on official study guide and sometimes block storage is volatile depending on provision.

Taylor Feb 26, 2026 10:20 pm

C is correct. Ephemeral storage means data won't survive a container restart, it gets wiped out every time. The others (object, persistent, block) all keep data across restarts as far as containers go. Pretty confident here, but let me know if I'm missing something.

LeoQ Feb 14, 2026 9:12 pm

B , persistent volume sounds like it wouldn’t survive a restart so I’d pick that over C.

Adam I. Feb 23, 2026 4:12 pm

I don't think it's C. B (Persistent volume) should be the one since the word "persistent" can be misleading and trip up people who haven't dealt with container storage nuances. Let me know if you see it differently.

Luke R. Feb 26, 2026 7:21 pm

B tbh, since persistent volumes are usually used for storage that sticks around. Pretty sure that's the one that loses data if not configured right on restarts. Correct me if I'm off here.

Morgan Y. Feb 16, 2026 9:54 am

D , block storage might seem volatile if not configured persistent but it's not wiped just on restart.

Jason Mar 1, 2026 11:42 pm

Don’t think it’s B, that’s a common trap. Persistent volume actually keeps data through container restarts. Only C (ephemeral) gets wiped when the container stops or restarts. Seen similar on practice questions, pretty sure about this-disagree?

Adam R. Feb 28, 2026 2:47 pm

Yeah, it's definitely C. Ephemeral storage drops everything when you restart the container.

Jack S. Feb 23, 2026 7:53 pm

Option C Not totally sure since persistent volume sounds confusing, but ephemeral usually wipes out with a container restart, not the others.

Be respectful. No spam.

Correct Answer:

Explanation

Ephemeral storage, also known as container-scoped storage, is intrinsically tied to the lifecycle of a container. It exists as the container's writable layer. When a container is stopped, restarted, or deleted, this writable layer is destroyed, and any data written to it is permanently lost. This type of storage is suitable for temporary files or cache data that an application needs during its runtime but does not need to persist. The data does not survive a restart, which directly answers the question.

Why Incorrect

A. Object: Object storage is a persistent storage service external to the container. Data is managed as objects and is not lost when a container restarts.

B. Persistent volume: A persistent volume is an abstraction for a piece of storage that exists independently of a container's or pod's lifecycle, explicitly designed to preserve data.

D. Block: Block storage provides persistent volumes that can be attached to containers. The data on these volumes is independent of the container's lifecycle and survives restarts.

---

References

1. Kubernetes Documentation

"Volumes". The official Kubernetes documentation describes ephemeral volume types like emptyDir. It states

"When a Pod is removed from a node for any reason

the data in the emptyDir is deleted forever." This confirms that data in this type of volume is lost when the container's pod is terminated. (Source: Kubernetes.io

Concepts > Storage > Volumes

Section: emptyDir).

2. Docker Documentation

"Manage data in Docker". The official Docker documentation explains that data not stored in a volume is written to the container's writable layer. It clarifies

"The data doesn't persist when that container is no longer running

and it can be difficult to get the data out of the container if another process needs it." (Source: Docker Docs

Storage > Volumes > "Manage data in Docker").

3. Red Hat Official Documentation

"Understanding container storage". This vendor documentation distinguishes between ephemeral and persistent storage. For ephemeral storage

it notes

"The storage is tightly coupled with the container’s life cycle. If the container crashes or is stopped

the storage is lost." (Source: Red Hat Customer Portal

OpenShift Container Platform 4.10 > Storage > "Understanding container storage"

Section: "Ephemeral storage").

4. University of California

Berkeley

"CS 162: Operating Systems and System Programming"

Lecture 19: "Virtual Machines

Containers

and Cloud Computing". Course materials often describe the container file system as a series of read-only layers with a final writable layer for the specific container. This top writable layer is ephemeral and is discarded when the container is destroyed. (Reference concept covered in typical advanced OS/Cloud Computing university curricula).

Q: 7

An organization wants to ensure its data is protected in the event of a natural disaster. To support this effort, the company has rented a colocation space in another part of the country. Which of the following disaster recovery practices can be used to best protect the data?

Options

Discussion

Jack Feb 21, 2026 2:05 am

Guessing B for this one

Neha Feb 23, 2026 5:17 pm

Not B in this case, it's D. The key is the use of a different location for disaster recovery, which matches the definition of off-site. Replication sounds good but isn't directly what they're describing here.

Priya U. Mar 1, 2026 11:37 pm

D tbh, because off-site is what you get by renting space in another part of the country. Replication (B) sounds tempting, but just replicating on-prem wouldn’t cut it in a disaster. Off-site protects against regional events. Pretty confident unless I’m missing a detail.

Aaron S. Feb 19, 2026 6:20 am

Don’t think it’s B, since replication doesn’t guarantee geographic separation. D is the safe pick for disaster recovery.

Zoe A. Feb 16, 2026 7:18 pm

AvaO Feb 15, 2026 1:08 pm

Had something like this in a mock exam. D fits because off-site protection is about copying data to a different physical location, which is what the colocation setup is for. Replication (B) helps keep data current, but the main point here seems to be geographic separation for disaster recovery. Pretty sure it’s D, but open to corrections if someone sees it differently.

Sean D. Feb 24, 2026 1:39 pm

So if the priority is keeping data current, wouldn't B (Replication) be just as valid? Colocation helps, but replication actually keeps copies updated. I might be off, but feels like both are good in real DR planning.

Avery L. Feb 23, 2026 4:19 am

D makes sense here-off-site is all about having backups or systems in a separate location, especially for disaster situations. Saw a similar question in practice sets. Anyone disagree?

Sean Q. Feb 28, 2026 6:33 pm

D, Off-site fits here, since they're using a separate location for disaster recovery. Pretty sure that's what the question wants.

Ethan E. Feb 15, 2026 8:12 pm

Is the question asking specifically for storing backups, or does it focus on continuous access to live data? That could change if D or B fits best.

Be respectful. No spam.

Correct Answer:

Explanation

The core of the question is protecting data from a natural disaster by using a geographically separate facility. This practice is known as off-site disaster recovery. By renting a colocation space in another part of the country, the organization establishes a secondary location that is unlikely to be affected by the same disaster that impacts the primary site. This geographic separation is the fundamental principle of an off-site strategy, ensuring business continuity and data availability in the event of a regional catastrophe.

Why Incorrect

A. On-site: This practice involves keeping data backups or redundant systems at the same physical location as the primary data, offering no protection against a site-wide disaster like a fire or flood.

B. Replication: This is the process of copying data. While replication is a mechanism used to send data to an off-site location, "off-site" is the specific disaster recovery practice described in the scenario.

C. Retention: This refers to policies that dictate how long data is stored. Data retention is unrelated to the physical location of data for disaster recovery purposes.

References

1. National Institute of Standards and Technology (NIST) Special Publication 800-34 Rev. 1

Contingency Planning Guide for Federal Information Systems. Section 4.3.2

"Alternate Storage Site

" states: "An alternate storage site is used for storage of backup media... The site should be geographically separated from the primary site so as not to be susceptible to the same hazards." This directly supports the concept of using a geographically distant location (off-site) for disaster protection.

2. Amazon Web Services (AWS)

Disaster Recovery of Workloads on AWS: Recovery in the Cloud (July 2021). Page 6

in the section "Backup and Restore

" discusses storing backups in a separate AWS Region. It states

"By replicating your data to another Region

you can protect your data in the unlikely event of a regional disruption." This exemplifies the off-site practice in a cloud context.

3. Microsoft Azure Documentation

Disaster recovery and high availability for Azure applications. In the section "Azure services that provide disaster recovery

" it describes Azure Site Recovery

which "replicates workloads to a secondary location." The use of a secondary

geographically distinct location is the definition of an off-site strategy.

Q: 8

An administrator is setting up a cloud backup solution that requires the following features:

• Cost effective

• Granular recovery

• Multilocation

Which of the following backup types best meets these requirements?

Options

Discussion

Taylor Feb 21, 2026 8:40 pm

A . Trap is thinking "cloud" in B but A's off-site covers multi-location and gives full, incremental, differential for granular/cost needs.

Jordan Feb 28, 2026 6:39 pm

Option A since off-site plus full/incremental/differential gives you multilocation and cost efficiency.

Nathan X. Feb 26, 2026 1:57 pm

Option A saw an almost identical question in my exam last year and it was A for sure.

Piya Q. Feb 24, 2026 7:51 am

A covers off-site and the mix of full, incremental, differential checks the cost and granularity boxes. Pretty sure that's what they want.

Neha W. Feb 20, 2026 10:31 am

I remember seeing similar stuff in the official guide and the practice exams, and A checks all boxes. You get off-site storage for multilocation, plus full, incremental, and differential backups mean both cost savings and granular restores. Pretty sure A’s what they want.

Morgan E. Mar 2, 2026 6:29 pm

B or A? B says "cloud site" which feels right for multilocation, but it doesn't mention incremental. Without incremental, cost effectiveness could take a hit. I think A is technically better for all three needs, but open to other views if anyone interprets multilocation differently.

Sanjay F. Feb 13, 2026 11:17 pm

B tbh, but if multilocation means true geographic separation not just off-site then maybe A fits better.

Karan I. Feb 19, 2026 8:03 pm

I would pick B here. "Cloud site" sounds like a better fit for multilocation, and you still get full plus differential backups for some restore flexibility. Not totally sure since granular recovery may not be as good without incrementals. Agree?

Nathan M. Feb 25, 2026 9:42 pm

Drew Mar 1, 2026 9:42 am

Had something like this in a mock, went with A. Off-site gives the multilocation part, and full/incremental/differential gives lots of restore points without blowing up costs. None of the others tick all three boxes.

Be respectful. No spam.

Correct Answer:

Explanation

The optimal backup solution must meet three criteria: cost-effectiveness, granular recovery, and multilocation storage.

1. Multilocation: An off-site or cloud-based storage solution is essential for disaster recovery, satisfying the multilocation requirement by storing data in a geographically separate location from the primary site.

2. Cost-Effective & Granular Recovery: A strategy combining full, incremental, and differential backups provides the most flexibility. Incremental backups are highly cost-effective as they only copy data that has changed since the last backup of any type, minimizing storage space and network bandwidth usage—key cost drivers in the cloud. All three backup types (full, incremental, differential) support the granular recovery of specific files or data points. This combination offers the best balance of recovery speed, storage cost, and data granularity.

Why Incorrect

B. Cloud site, full, and differential

This option is less cost-effective than a strategy that includes incremental backups, which consume less storage and bandwidth for frequent backups.

C. On-site. full, and incremental

On-site storage fails the multilocation requirement, as it does not protect against a site-wide disaster (e.g., fire, flood) affecting the primary data and its backup.

D. On-site. full, and differential

On-site storage fails the multilocation requirement, offering no protection from localized disasters that could destroy both the original data and the backup.

---

References

1. National Institute of Standards and Technology (NIST) Special Publication 800-34 Rev. 1

Contingency Planning Guide for Federal Information Systems.

Section 3.4.2.1

"Backup Types": This section details full

differential

and incremental backups. It explains that incremental backups copy data modified since the last backup

making them efficient. "Incremental backups are the most efficient because they copy the least amount of data." (Page 29).

Section 3.4.2.2

"Off-site Storage": This section explicitly states

"To protect against a disaster that could damage the primary facility...backup media should be stored at an off-site location." (Page 30). This supports the "multilocation" requirement.

2. Amazon Web Services (AWS) Documentation

How AWS Backup works.

"Backups" section: The documentation explains that AWS Backup leverages the native snapshot capabilities of services like Amazon EBS

which are incremental. "The first snapshot of a volume is always a full snapshot. Subsequent snapshots of the same volume are incremental... This saves on storage costs because data is not duplicated." This directly links the incremental method to the "cost-effective" requirement in a cloud context.

3. Microsoft Azure Documentation

About Azure VM backup.

"Backup process" section: The documentation states

"For Azure VMs

the initial backup is a full backup... Subsequent backups are incremental." This highlights that major cloud providers use incremental backups as a standard

cost-effective practice for virtual machine protection.

Q: 9

A systems administrator is provisioning VMs according to the following requirements: · A VM instance needs to be present in at least two data centers. . During replication, the application hosted on the VM tolerates a maximum latency of one second. · When a VM is unavailable, failover must be immediate. Which of the following replication methods will best meet these requirements?

Options

Discussion

Nina Feb 27, 2026 4:46 am

I get why some people might pick D but with "immediate" failover and max 1s latency, it’s really got to be C.

Leo Feb 16, 2026 7:54 am

C is the way to go here since live replication is the only method that meets both the sub-1 second latency and immediate failover needs. Point-in-time and snapshots just can't keep up for instant cutover. Pretty sure about this, but open to pushback.

Meera D. Feb 22, 2026 12:45 am

Why does D keep coming up? With "immediate" failover, isn't C really the only option?

Drew V. Feb 17, 2026 9:04 am

Its C for sure. Snapshot and point-in-time both add recovery delay, but live replication keeps both VMs hot. Open to other views.

Sanjay Feb 22, 2026 2:16 pm

B or D. I think transactional replication (B) could fit here since it can keep data consistent and may stay within a 1-second window. Also, point-in-time (D) is often used for fast recovery, especially if snapshots are frequent. Not totally sure though, since "immediate" failover might be a trick and favor live, but I've seen practice questions use B or D when the scenario wasn't super strict.

Ravi F. Mar 4, 2026 7:40 am

Pretty sure it's C here. Live replication actually means real-time syncing so failover is instant, which matches the "immediate" requirement. Snapshot and point-in-time have delay, transactional's a trap because it doesn't guarantee zero lag in failover.

DirectAuditor235 Feb 16, 2026 5:55 pm

C Live

Quinn U. Feb 24, 2026 12:28 am

A is wrong, C matches best. Immediate failover and 1s max latency both rule out snapshot or point-in-time-those always introduce restore delays. Only live (C) keeps VMs hot at both sites, but I guess in weird setups with async pipes D could nearly fit.

Luna Feb 20, 2026 8:21 am

C vs D. If "immediate" means zero or near-zero recovery time, then only C (live replication) actually works since point-in-time recovery always has some lag. But if there was even a slight grace period on failover, D could be an option. Seen similar scenarios trip people on exam drills. Pretty sure it's C for strict uptime.

EmmaQ Feb 26, 2026 6:44 pm

I don’t see D fitting here. C is what you want for immediate failover and tight latency, point-in-time just isn’t fast enough.

Be respectful. No spam.

Correct Answer:

Explanation

The requirements for immediate failover and a maximum replication latency of one second necessitate a continuous, near-real-time data protection strategy. Live replication, often implemented as synchronous or near-synchronous replication, continuously transmits data changes from the primary VM to a replica in a secondary data center as they occur. This method ensures the replica is always in a consistent and up-to-date state, enabling an immediate and automated failover with a Recovery Point Objective (RPO) of near-zero. This directly meets the stringent availability and low-latency demands described in the scenario for mission-critical applications.

Why Incorrect

A. Snapshot: Snapshot replication is periodic, creating copies at discrete intervals. This method cannot meet the immediate failover or sub-second latency requirements due to inherent data loss (RPO) between snapshots.

B. Transactional: Transactional replication is a database-specific technology that replicates database transactions. It does not apply to the entire virtual machine state, including the operating system and application files.

D. Point-in-time: This is a general term for creating a copy of data as it existed at a specific moment, which includes snapshots. It is not a continuous process and cannot support immediate failover.

References

1. VMware

Inc. (2023). vSphere Storage Documentation

Administering vSphere Virtual Machine Storage

Chapter 8: Virtual Machine Storage Policies. VMware. In the section "Site disaster tolerance

" the documentation explains that synchronous replication provides the highest level of availability with a Recovery Point Objective (RPO) of zero

which is essential for immediate failover scenarios. This aligns with the concept of "live" replication.

2. Kyriazis

et al. (2013). Disaster Recovery for Infrastructure-as-a-Service Cloud Systems: A Survey. ACM Computing Surveys

46(1)

Article 10. In Section 3.2

"Replication Techniques

" the paper contrasts synchronous and asynchronous replication. It states

"Synchronous replication... offers a zero RPO... suitable for mission-critical applications with low tolerance for data loss." This supports the choice of a live/synchronous method for immediate failover. https://doi.org/10.1145/2522968.2522978

3. Microsoft Corporation. (2023). Azure Site Recovery documentation

About Site Recovery. Microsoft Docs. The documentation describes "continuous replication" for disaster recovery of VMs

which provides minimal RPOs. While specific RPO values vary

the principle of continuous or "live" data transfer is fundamental to achieving the low latency and immediate failover required.

Q: 10

The performance of an e-commerce website decreases dramatically during random periods. The IT team is evaluating available resources to mitigate the situation. Which of the following is the best approach to effectively manage this scenario'?

Options

Discussion

JordanJ Feb 15, 2026 3:17 pm

C/D? If the slowdowns really are random, D (automatic elasticity) is probably the best. If there was any timing pattern at all, C could work too. Not 100% sure though.

ThoughtfulSec6279 Feb 28, 2026 7:11 am

D , official guide and labs both cover elasticity for sudden spikes like this. Pretty common on practice exams too.

Piya F. Feb 21, 2026 2:45 pm

D imo, that's what auto elasticity is for. Handles unpredictable spikes without manual work. Pretty sure that's the best fit here.

ParkerE Feb 23, 2026 5:15 pm

B tbh. Adding more servers should help with spikes even if it's not as dynamic, right?

Ava Feb 24, 2026 7:37 pm

D, Best way to handle random slowdowns is letting elasticity do its thing automatically. Pretty sure this matches most cloud exam stuff.

MethodicalArchitect5406 Feb 20, 2026 5:09 pm

I feel like C fits because you can schedule resources ahead, maybe it's just not for every random case.

Ethan Mar 3, 2026 12:16 pm

Daniel Feb 28, 2026 7:10 am

Call it C since scheduling resource allocation can help with predictable performance issues, but not 100% sure with random spikes.

MethodicalLearner7568 Feb 22, 2026 5:48 am

C or D, but since the question says "random" periods and not scheduled spikes, D (automatic elasticity) is the only one that really covers all edge cases. If there was any pattern, then C could work too. Pretty sure D here.

Sara X. Feb 26, 2026 4:48 pm

Not B, D fits better. Adding servers or migrating hosts doesn't solve random/spiky demand efficiently. Automatic elasticity adapts resources instantly, which is key for unpredictable usage. Trap here is thinking more hardware always helps.

Be respectful. No spam.

Correct Answer:

Explanation

The scenario describes an e-commerce website with performance degradation during "random periods," indicating unpredictable traffic spikes. Automatic elasticity is a fundamental cloud computing characteristic designed specifically for this use case. It allows the system to automatically scale resources (e.g., compute instances) up or down based on real-time demand, monitored through metrics like CPU utilization or network traffic. This ensures that the website has sufficient resources to maintain performance during unexpected surges and scales down to reduce costs when the demand subsides. This dynamic and automated approach is the most effective and efficient way to manage variable workloads.

Why Incorrect

A. Migrating to a dedicated host: This provides a fixed amount of resources. It does not dynamically scale to meet random demand and can lead to either under-provisioning or costly over-provisioning.

B. Purchasing additional servers: This is a static, capital-intensive solution. It lacks the agility to respond to real-time, random fluctuations in traffic and is not a typical cloud approach.

C. Scheduling resource allocation: This method is only effective for predictable, cyclical traffic patterns (e.g., daily or weekly peaks), not for the "random periods" mentioned in the question.

References

1. Mell

& Grance

T. (2011). The NIST Definition of Cloud Computing (Special Publication 800-145). National Institute of Standards and Technology. On page 2

under "Essential Characteristics

" it defines Rapid elasticity: "Capabilities can be elastically provisioned and released

in some cases automatically

to scale rapidly outward and inward commensurate with demand."

2. Armbrust

Fox

Griffith

Joseph

A. D.

Katz

Konwinski

... & Zaharia

M. (2010). A view of cloud computing. Communications of the ACM

53(4)

50-58. In Section 3.1

"Elasticity and the Illusion of Infinite Resources

" the UC Berkeley authors state

"Cloud Computing gives the illusion of infinite computing resources available on demand... This elasticity of resources

without paying a premium for large scale

is unprecedented in the history of IT." This directly addresses the need to handle variable demand effectively. DOI: https://doi.org/10.1145/1721654.1721672

3. Vaquero

L. M.

Rodero-Merino

Caceres

& Lindner

M. (2008). A break in the clouds: towards a cloud definition. ACM SIGCOMM Computer Communication Review

39(1)

50-55. In Section 3

"A Proposed Definition

" the paper highlights elasticity as a key property

stating that it "allows for the dynamic reconfiguration of the infrastructure according to the service's needs." This supports the use of elasticity for managing fluctuating performance requirements. DOI: https://doi.org/10.1145/1496091.1496100

Question 1 of 20 · Page 1 / 2

Premium Access Includes

✓ Quiz Simulator
✓ Exam Mode
✓ Progress Tracking
✓ Question Saving
✓ Flash Cards
✓ Drag & Drops
✓ 3 Months Access
✓ PDF Downloads

Get Premium Access

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE