Practice CV0-004 Cloud Architecture and Design questions with full explanations on every answer.
1. A company is migrating a legacy on-premises application to a public cloud. The application currently uses a single monolithic architecture and relies on a local file system for storage. The cloud architect needs to redesign the application to take advantage of cloud-native features. Which design principle should the architect prioritize to ensure scalability and resilience?
2. A cloud architect is designing a multi-tier web application in a cloud environment. The application must handle unpredictable traffic spikes while minimizing costs. The architect decides to use auto-scaling groups for the web tier and a managed database service for the data tier. Which additional design consideration is MOST important to ensure the application remains available during a regional outage?
3. A company is deploying a critical financial application on a private cloud. The compliance team requires that all data at rest be encrypted with a key managed by the company's hardware security module (HSM). The cloud architect must select a storage solution that supports customer-managed keys and integrates with the existing HSM. Which storage option should the architect choose?
4. A cloud engineer is troubleshooting a performance issue in a virtualized environment. A critical application is running slowly, and the engineer suspects resource contention. The host server has 32 vCPUs and 256 GB of RAM, running four VMs. Which tool should the engineer use to determine if CPU ready time is causing the performance degradation?
5. A cloud architect is designing a disaster recovery plan for a cloud-based application. The primary site is in a cloud region, and the recovery site is in a different geographic region. The application uses a relational database with synchronous replication. The recovery time objective (RTO) is 1 hour, and the recovery point objective (RPO) is 15 minutes. Which replication strategy BEST meets these objectives?
6. A cloud architect is designing a hybrid cloud environment that connects an on-premises data center to a public cloud. The architect needs to ensure secure, low-latency connectivity and isolate traffic between different business units. Which TWO solutions should the architect implement? (Choose two.)
7. A cloud administrator is reviewing the security posture of a cloud deployment. The company has a policy of least privilege and must ensure that only authorized services can access storage buckets. Which THREE mechanisms should the administrator configure to enforce this policy? (Choose three.)
8. A company is migrating its on-premises e-commerce application to a public cloud. The application consists of a stateless web tier, a stateful application tier that stores session data in memory, and a relational database. The migration must ensure high availability, scalability, and minimal downtime during cutover. The cloud provider offers load balancers, auto-scaling groups, managed database services, and caching services. The current on-premises architecture uses a single web server, a single application server, and a single database server. The application tier stores session data in local memory, which is lost if the server fails. The team needs to redesign the architecture to be cloud-native. Which of the following is the BEST course of action?
9. A company is migrating its on-premises application to the cloud and needs to ensure high availability. The application requires a stateless web tier and a stateful database tier. Which design approach BEST meets these requirements?
10. A cloud architect is designing a multi-tier application that must meet a recovery time objective (RTO) of 15 minutes and a recovery point objective (RPO) of 1 hour. Which disaster recovery strategy is MOST cost-effective while meeting these requirements?
11. A company has a cloud environment with multiple VPCs that need to communicate with each other using private IP addresses. The company wants a centrally managed solution that simplifies routing and security. Which networking architecture should the architect implement?
12. An architect is designing a cloud application that must handle unpredictable spikes in traffic. The application should automatically add resources during peak demand and remove them when demand decreases to minimize costs. Which scaling strategy should be used?
13. Order the steps to configure a load balancer to distribute traffic across multiple web servers.
14. Order the steps to migrate an on-premises database to a cloud-managed database service (e.g., RDS, Cloud SQL).
15. Match each cloud deployment model to its description.
16. Match each cost management concept to its description.
17. A startup is deploying a web application on a public cloud and expects variable traffic throughout the day. The team wants to minimize costs while ensuring that the application can handle sudden spikes in demand. Which scaling strategy best meets these requirements?
18. A company is migrating its on-premises application to the cloud and wants to ensure high availability across multiple geographic regions. The application consists of stateless web servers and a stateful database. Which architecture should the company implement?
19. A financial services company must store sensitive customer data in the cloud. The compliance team requires that data at rest be encrypted using customer-managed keys (CMK), and that the keys are rotated every 90 days. Additionally, the cloud provider must not have access to the keys. Which key management solution should the company choose?
20. A company is designing a cloud architecture that must meet a recovery time objective (RTO) of 4 hours and a recovery point objective (RPO) of 1 hour for a critical database. The database is 500 GB and runs on a virtual machine. Which backup strategy should be used?
21. A company is deploying a containerized microservices application on a cloud platform. The operations team needs to manage secrets, such as database credentials and API keys, securely without embedding them in container images. Which solution should they use?
22. A company has a hybrid cloud environment where on-premises servers communicate with cloud resources via a VPN connection. The network team notices intermittent connectivity issues and packet loss. The VPN tunnel is established, but performance is degraded. Which step should the team take first to diagnose the issue?
23. A company plans to use a public cloud to host a static website with minimal configuration. The website content is stored in an object storage bucket. Users access the site via a custom domain name. Which cloud service should the company use to serve the content with low latency globally?
24. An organization is designing a cloud architecture for a data analytics workload that processes large datasets. The workload is CPU-intensive and runs once per day. The company wants to minimize costs. Which compute model should be used?
25. A company is migrating a legacy monolithic application to a microservices architecture on the cloud. The application has tight coupling and shared database schemas. Which migration strategy should the company adopt to reduce risk and enable iterative migration?
26. Which TWO factors should be considered when selecting a cloud region for deploying a latency-sensitive application serving a global user base?
27. Which THREE design principles are fundamental to building a highly available cloud architecture?
28. Which TWO are best practices for designing a multi-tenant SaaS application on a public cloud?
29. A company is migrating a web application to the cloud. The application requires low latency and high availability across multiple geographic regions. Which cloud deployment model BEST meets these requirements?
30. A cloud architect is designing a multi-tier application on a public cloud. To minimize costs while maintaining performance for variable workloads, the architect decides to use a mix of reserved and spot instances. Which design principle is being applied?
31. An organization must comply with a regulation requiring that all data stored in the cloud be encrypted at rest using a cloud provider's native encryption service. The company also needs to maintain control over the encryption keys. Which solution should the architect recommend?
32. A company wants to deploy a cloud application that requires predictable performance and dedicated resources for a critical database. Which cloud service model is MOST appropriate?
33. A cloud architect is planning a disaster recovery (DR) strategy for a mission-critical application. The RTO must be under 1 hour and RPO under 15 minutes. The primary site is in a different region. Which DR pattern meets these requirements?
34. A company is moving a legacy monolithic application to the cloud. The application has interdependencies that make it difficult to refactor. The architect needs to minimize changes while gaining cloud benefits like elasticity and pay-as-you-go. Which migration strategy is BEST?
35. A cloud administrator needs to design a storage solution that provides block-level access for a database server and must be highly durable. Which storage type should be used?
36. An organization is designing a cloud architecture that must be fault-tolerant within a single region. The architect decides to deploy application instances in multiple Availability Zones (AZs). Which cloud characteristic is being leveraged?
37. A company uses a public cloud provider and has a requirement that all data must be encrypted in transit and at rest. The architect notices that the cloud provider's load balancer terminates TLS and forwards traffic to backend instances over HTTP. Which design change should the architect make?
38. Which TWO characteristics are essential for a cloud service to be considered as a true Infrastructure as a Service (IaaS) offering?
39. Which THREE factors should be considered when selecting a cloud region for deploying a globally distributed application to minimize latency?
40. Which TWO design patterns can help a cloud architect achieve a Recovery Time Objective (RTO) of less than 5 minutes for a critical application?
41. A company is migrating a legacy application to the cloud. The application requires low-latency access to a shared filesystem that must be accessible from multiple virtual machines simultaneously. Which storage solution should the cloud architect recommend?
42. A cloud architect is designing a multi-tier web application that must handle sudden traffic spikes. The application layer is stateless, and the database layer is read-heavy with occasional writes. Which design best meets the requirement for elasticity and cost efficiency?
43. A company runs a critical application on a cloud VM that must achieve a 99.99% monthly uptime SLA. The VM is deployed in a single availability zone. The current architecture has no redundancy. What is the most effective design change to meet the SLA requirement?
44. A cloud architect is selecting a deployment model for a workload that has strict data sovereignty requirements; data must remain within the company's on-premises data center. Which cloud deployment model should be chosen?
45. A company is designing a disaster recovery plan for its cloud infrastructure. The primary site is in US-East, and the DR site is in US-West. The RPO is 15 minutes, and the RTO is 2 hours. Which replication strategy best meets these requirements at the lowest cost?
46. An organization uses a cloud-based infrastructure with multiple VPCs peered together. The security team notices that traffic between VPCs is not being inspected by the central firewall. What design change should be implemented to ensure all inter-VPC traffic passes through a centralized firewall?
47. A cloud architect needs to choose a compute service for a batch processing job that runs once a day and takes about 30 minutes. The job is CPU-intensive and can tolerate interruptions. Which compute option is the most cost-effective?
48. Which TWO of the following are benefits of a multi-cloud strategy? (Select exactly two.)
49. Which THREE of the following are key considerations when designing a cloud-native application for high availability? (Select exactly three.)
50. Which TWO of the following are characteristics of a hybrid cloud deployment? (Select exactly two.)
51. A cloud architect reviews the above IAM policy attached to a user. What is the effect of this policy on the user's ability to stop or terminate instances?
52. A company runs an e-commerce platform on a public cloud. The architecture consists of a front-end load balancer, a web server tier, and an RDS database. The web servers are in an auto-scaling group across two availability zones. The database is a single Multi-AZ deployment. After a recent traffic surge, the web servers scaled but the database CPU utilization reached 90%, causing slow page loads. The database is a db.r5.large instance with 16 GB RAM and 2 vCPUs. The company expects double the traffic during the upcoming holiday season. The budget is limited. Which action should the cloud architect take to address the database bottleneck while minimizing cost?
53. A company is migrating a monolithic application to microservices on a cloud platform. The current application uses a single relational database. The migration plan involves decomposing the application into several services, each with its own database (polyglot persistence). One service handles high-volume time-series data, another handles user profiles, and a third handles transactions. The architect must ensure data consistency across services for user profile updates that affect other services. Which approach should be used to maintain data consistency without tight coupling?
54. A company uses a cloud provider's container orchestration service (e.g., EKS, AKS, GKE) to run a set of microservices. The current cluster uses three worker nodes, each of size m5.large (2 vCPU, 8 GB RAM). The operations team notices that CPU utilization on the worker nodes averages 80% during peak hours, and some pods are being evicted due to resource pressure. The team wants to ensure that the cluster can handle a 50% increase in traffic without performance degradation. Which action should the cloud architect take?
55. A company is designing a cloud network architecture for a three-tier application. The web tier must be accessible from the internet, the application tier should only be accessible from the web tier, and the database tier should only be accessible from the application tier. The company uses a single VPC with multiple subnets. The security team requires that all traffic between tiers be encrypted in transit. The architect proposes using security groups and network ACLs. Which combination of security group rules meets these requirements while following the principle of least privilege?
56. A company operates a hybrid cloud environment with on-premises servers and a public cloud provider. They use AWS for compute and storage. Their application requires low-latency access to on-premises databases. They set up a Direct Connect link between their data center and AWS. Recently, users report slow application performance. Cloud engineers notice increased latency on the Direct Connect link. The on-premises network team confirms no issues with their internal network. The application uses jumbo frames on the on-premises side for optimized performance. The virtual interface on the AWS side is configured with a default MTU of 1500. Which of the following is the MOST likely cause of the increased latency?
57. A cloud architect is designing a multi-tier application that must remain available during a single Availability Zone failure. Which TWO design principles should the architect apply?
58. Refer to the exhibit. An IAM policy is attached to a group that includes engineers. An engineer attempts to start a stopped EC2 instance that has tags {Environment: development, Project: alpha}. What will happen?
59. A cloud architect manages a hybrid cloud environment where on-premises workloads are being migrated to a public cloud provider. The company uses a cloud-native container orchestration platform (e.g., Amazon EKS) for microservices. Recently, a critical application experienced intermittent connectivity failures between microservices during peak hours. The architect observes that the Kubernetes cluster uses a Calico network plugin with BGP peering to on-premises routers. The cluster nodes are spread across three Availability Zones, and the application pods communicate across zones. The architect also notes that the BGP session between the cluster and on-premises routers uses a single physical interface per node, and the on-premises routers have equal-cost multipath (ECMP) configured for the cluster node IPs. During peak hours, the on-premises routers experience high CPU utilization, and some BGP flaps occur. Which of the following is the MOST effective solution to improve connectivity reliability?
The Cloud Architecture and Design domain covers the key concepts tested in this area of the CV0-004 exam blueprint published by CompTIA. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all CV0-004 domains — no account required.
The Courseiva CV0-004 question bank contains 59 questions in the Cloud Architecture and Design domain. Click any question to see the full explanation and answer breakdown.
Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.
Yes — the session launcher on this page draws questions exclusively from the Cloud Architecture and Design domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.