Scenario-based practice

Hard Difficulty Questions

Practise CompTIA Cloud+ CV0-004 practice questions — original exam-style scenarios covering every exam domain, with detailed explanations, wrong-answer analysis, and common exam traps.

20 scenario questions | Exam code: CV0-004 | Vendor: CompTIA

Scenario guide

How to approach hard difficulty questions

These are the questions most candidates get wrong. They require connecting multiple concepts, reading tricky output, or knowing edge-case behaviour that isn't on most study cards. Practising them trains you to operate under uncertainty — a necessary skill on the real exam.

Quick answer

Hard difficulty questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Practice set

Practice scenarios

Question 1 (hard, multiple choice)

A company uses a hybrid cloud model with an on-premises data center and a public cloud. The network team reports that traffic between the cloud and on-premises is experiencing high latency and packet loss. The cloud administrator verifies that the VPN connection is up. What is the most likely cause?

Question 2 (hard, multiple choice)

A cloud engineer is troubleshooting a web application that is not responding. The engineer examines the serial console output of the web-server instance and finds the error shown in the exhibit. What is the MOST likely cause of this issue?

Exhibit

Refer to the exhibit.

```
$ gcloud compute instances list
NAME        ZONE        MACHINE_TYPE  PREEMPTIBLE  STATUS
web-server  us-east1-b  e2-medium     true         RUNNING
db-server   us-east1-b  e2-standard-2               STOPPED

$ gcloud compute instances describe web-server --format='get(status,serviceAccounts.email)'
status: RUNNING
serviceAccounts.email: default@project.iam.gserviceaccount.com

$ gcloud compute instances get-serial-port-output web-server
...
[   10.123456] cloud-init: User data script started
[   10.654321] cloud-init: ERROR: Failed to fetch metadata from metadata server
...
```

Question 3 (hard, multiple choice)

A company has a cloud environment with multiple VPCs that need to communicate with each other using private IP addresses. The company wants a centrally managed solution that simplifies routing and security. Which networking architecture should the architect implement?

Question 4 (hard, multiple choice)

A company is implementing a cloud governance strategy. They need to ensure that all resources are tagged with cost center and environment, and any untagged resources are automatically remediated. Which of the following best practices should be applied?

Question 5 (hard, multiple choice)

A cloud administrator is troubleshooting connectivity issues between two virtual networks in a public cloud. The networks are in the same region but different VPCs. Both VPCs have route tables and security groups configured. Instances in VPC A cannot ping instances in VPC B. Which of the following is the most likely cause?

Question 6 (hard, multi-select)

A cloud engineer is troubleshooting a performance issue where a web server cluster experiences high latency during peak hours. The cluster uses an auto-scaling group behind a load balancer. Which THREE steps should the engineer take to identify the root cause?

A cloud administrator is troubleshooting a performance issue in a virtualized environment. Which TWO metrics should be monitored to identify CPU contention on the hypervisor?

Question 8 (hard, multiple choice)

A company uses a cloud-based load balancer to distribute traffic to a fleet of web servers. Users report intermittent timeouts. The administrator reviews the load balancer logs and notices that one backend server has a significantly higher error rate than the others. Which of the following is the BEST course of action?

Question 9 (hard, multi-select)

A cloud administrator is reviewing the security posture of a cloud deployment. The company has a policy of least privilege and must ensure that only authorized services can access storage buckets. Which THREE mechanisms should the administrator configure to enforce this policy? (Choose three.)

Question 10 (hard, multi-select)

A company is migrating on-premises workloads to the cloud. They need to ensure high availability for a stateless web application across two availability zones. Which THREE components should be configured to meet this requirement?

Question 11 (hard, multiple choice)

A company is deploying a critical financial application on a private cloud. The compliance team requires that all data at rest be encrypted with a key managed by the company's hardware security module (HSM). The cloud architect must select a storage solution that supports customer-managed keys and integrates with the existing HSM. Which storage option should the architect choose?

Question 12 (hard, multiple choice)

A cloud administrator is troubleshooting a performance issue where an application running on a VM in a private cloud is experiencing high latency. The VM is connected to a virtual switch that uses SR-IOV. The administrator suspects network bottlenecks. Which of the following is the MOST likely cause of the latency?

Question 13 (hard, multiple choice)

A company runs a critical e-commerce application on AWS. The architecture includes an Application Load Balancer (ALB) in front of an Auto Scaling group of EC2 instances across two Availability Zones. The instances are in a private subnet and use a NAT Gateway for outbound internet access. The application stores session data in an ElastiCache Redis cluster. During a flash sale, users report that the site is extremely slow and some requests time out. Monitoring shows the ALB's latency metric is high, and the number of healthy hosts fluctuates. The CPU utilization on the EC2 instances averages 60% and memory averages 70%. The Redis cluster's CPU utilization is 90%, and its memory usage is 95%. The NAT Gateway's metrics show high BytesOutToSource but no errors. Which of the following is the most likely cause of the performance issue?

Question 14 (hard, multiple choice)

A cloud administrator is deploying a critical application that requires the lowest possible latency between compute instances. The instances will be running in a private subnet and must communicate with each other using their private IP addresses. Which of the following deployment configurations would best meet these requirements?

Question 15 (hard, multiple choice)

A company has a hybrid cloud environment with on-premises servers and AWS. They deploy a new application using AWS Elastic Beanstalk with a load balancer and auto scaling group. The application is a Node.js API that connects to an RDS MySQL database. After deployment, users report that the API returns a '500 Internal Server Error' intermittently. The application logs show 'ETIMEDOUT' errors when connecting to the database. The database is deployed in a private subnet with a security group that allows inbound traffic from the Elastic Beanstalk environment's security group. The database connection string uses the RDS endpoint. The same application works perfectly when deployed on-premises. What is the most likely cause?

Question 16 (hard, multiple choice)

A cloud architect must design a deployment for a containerized microservices application. The requirements include automated scaling based on CPU utilization, rolling updates with zero downtime, and service discovery. Which orchestration feature should be used?

Question 17 (hard, multiple choice)

A cloud administrator is managing a hybrid cloud environment where on-premises servers connect to a public cloud VPC via a site-to-site VPN. Users report intermittent connectivity issues to cloud resources. The administrator examines the VPN tunnel logs and sees 'Phase 2 negotiation failed' errors. Which of the following is the MOST likely cause?

Question 18 (hard, multiple choice)

A company is migrating a legacy application to a public cloud. The application requires a static IP address for licensing. The security team insists on encrypting all traffic between the application and the database. Which of the following should the cloud architect implement?

Question 19 (hard, multiple choice)

A cloud administrator is troubleshooting connectivity to a web server running on a Linux VM. The web server is configured to listen on ports 80 (HTTP) and 443 (HTTPS). The administrator runs the iptables command shown in the exhibit. Based on the output, what is the MOST likely reason that external users cannot access the web server on port 443?

Exhibit

Refer to the exhibit.

```
# iptables -L -n -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination
 100  12000 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
  50   6000 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
  20   2400 ACCEPT     tcp  --  eth0   *       10.0.0.0/8           0.0.0.0/0            tcp dpt:443
  10   1200 DROP       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
```

Question 20 (hard, multiple choice)

A company uses a hybrid cloud model with an AWS Direct Connect connection to its on-premises network. Users report intermittent connectivity to cloud resources. A network engineer finds packet loss on the Direct Connect virtual interface. Which of the following should be checked FIRST to resolve the issue?

These CV0-004 practice questions are part of Courseiva's free CompTIA certification practice question bank. Courseiva provides original exam-style CV0-004 questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.