CV0-004 Domain 2: Cloud Security

Two designs were proposed. Design A would apply IAM least privilege in cloud. Design B would encrypt data at rest in cloud. The team must pick the approach aligned with vendor best practices. Which choice is correct?

Multiple choice — select one answer

Answer choices

  1. a. Role-based access with regular reviews
  2. b. Pipeline scanning before deploy
  3. c. VPC/VNet subnets and security groups
  4. d. Provider-managed encryption and customer keys

Architectural breakdown & explanation

Least privilege limits blast radius. Compare with Provider-managed encryption and customer keys: Encryption protects stored data.

Correct answer(s): a. Role-based access with regular reviews

Exam domain: Domain 2: Cloud Security (25% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the CompTIA Cloud+ bank. Run a full timed practice exam with domain-weighted random questions in your browser.