Hard CV0-004 practice questions
Challenge — multi-step scenarios, trade-offs, and subtle distinctions. 17 hard questions available — no sign-up, always free.
A financial services company runs its primary application in a single cloud region. Regulatory requirements mandate a recovery point objective (RPO) of 15 minutes and a recovery time objective (RTO) of 1 hour in the event of a full regional outage. The business wants to minimize ongoing cost while still meeting these targets. Which disaster recovery design best satisfies these requirements?
After deploying a new stateful firewall appliance in front of a two-subnet application tier, users report that some TCP connections to the web servers hang and eventually time out, while others succeed. Packet captures on the web servers show inbound SYN packets arriving and the servers sending SYN-ACK responses, but the clients never receive them. The firewall logs show the SYN packets passing through, but no matching entry for the return SYN-ACK traffic. What is the MOST likely root cause?
A retail company runs its e-commerce platform on cloud VMs. Historical data shows normal traffic requires 20 VMs, but during a 6-week holiday season demand triples and remains sustained at that level for the entire period with little day-to-day variability. The finance team wants to minimize compute cost while guaranteeing capacity is available throughout the peak. Which capacity planning approach best meets these requirements?
A financial services company must store the root encryption keys for its payment processing platform in the cloud. Regulatory auditors require that the keys never leave a FIPS 140-2 Level 3 validated hardware boundary and that the cloud provider itself has no ability to access or export the key material. Which key management approach should the cloud engineer implement?
A production application VM on a shared-tenancy public cloud instance is experiencing intermittent performance degradation. The guest OS reports low CPU utilization (around 30%), yet application response times are slow and requests occasionally time out. When you review the hypervisor-level metrics, you notice a consistently high 'CPU steal time' value. What is the MOST likely cause of the degradation?
A healthcare company stores patient records in a cloud provider's managed object storage. Compliance auditors require that even the cloud provider's own administrators and support staff be technically incapable of decrypting the data, and the company must retain full control over the encryption keys within their on-premises facility. Which approach best satisfies this requirement?
A cloud operations engineer configures a monitoring dashboard for a customer-facing API. The dashboard displays CPU utilization aggregated as a 5-minute average and shows steady values around 45%. However, users report intermittent timeouts, and support tickets indicate slow responses during brief periods. The underlying compute instances autoscale on CPU, but scaling rarely triggers. What is the MOST likely reason the dashboard fails to reveal the problem, and what should the engineer change?
A cloud engineer deploys a new version of a web application behind a load balancer. Immediately after deployment, users report intermittent HTTP 502 errors. The load balancer health checks show all backend instances as healthy, and CPU, memory, and network metrics on the instances are well within normal ranges. Application logs on the instances show requests being served successfully with 200 responses, but the load balancer access logs record a mix of 200 and 502 responses. Following a structured troubleshooting methodology, what is the MOST likely cause of the 502 errors?
A gaming company runs a multiplayer platform with active players across North America, Europe, and Asia. Player state (inventory, progress) must be written and read with low latency in each region, and the application requires that writes in any region be acknowledged locally without waiting for a distant primary. The team wants a managed database design that keeps write latency low for all regions simultaneously. Which database design best meets this requirement?
After a routine deployment, users intermittently receive HTTP 502 Bad Gateway errors from an application behind a cloud load balancer. The load balancer health checks pass most of the time, backend instances show low CPU and memory, and the application logs show no exceptions. However, the load balancer access logs reveal that failed requests correspond to entries where the backend response time exceeds the load balancer's configured idle/response timeout. Which action is the MOST appropriate next step to resolve the errors?
A microservice running on cloud VMs uses the instance metadata service to retrieve temporary IAM credentials on every outbound API call. During peak traffic, developers report intermittent authorization failures, and application logs show HTTP 429 responses when the service queries the metadata endpoint. IAM permissions and role trust policies are confirmed correct. What is the MOST likely root cause?
A cloud-hosted REST API intermittently returns HTTP 504 errors during peak traffic. The application servers show low CPU and memory usage, but the managed database shows a spike in 'active connections' that plateaus at exactly 100. Application logs show 'timeout acquiring connection from pool' entries that correlate with the 504 responses. What is the MOST likely root cause?
After migrating an application to a cloud VPC connected to the corporate data center over an IPSec VPN, users report that small requests (logins, health checks) succeed, but file uploads and large API responses hang and eventually time out. A packet capture shows large packets are being sent but never acknowledged, while small packets flow normally. Which is the MOST likely root cause?
A financial services company runs a monolithic relational database that has become the bottleneck for a rapidly growing transaction-processing application. Read replicas have already been added, but the primary node is now saturated by write throughput during peak trading hours, and vertical scaling has reached the largest available instance size. The architecture team must design a solution that allows write capacity to scale beyond a single node. Which approach BEST meets this requirement?
A development team is designing a data-transformation pipeline using a Functions-as-a-Service (FaaS) platform. Each invocation processes a single file and typically runs for 45 seconds, but the team notices that some functions are timing out at the default 60-second limit and others are running out of memory. They want to reduce both timeouts and cost. Which architectural change BEST addresses these requirements while preserving the serverless model?
A DevOps engineer discovers that a long-lived service account key (a static JSON credential file) used by an application running on cloud VMs has been accidentally committed to a public code repository. The immediate exposure is being remediated, but leadership wants a strategy that eliminates the root cause of long-lived, exportable credentials for workloads going forward. Which approach best addresses this requirement?
A cloud architect is designing a new VPC with a 10.0.0.0/16 CIDR block for a three-tier application. The web tier subnet currently needs 200 usable IP addresses, but the architect wants to reserve enough room to triple the tier's capacity within the same subnet over the next two years without renumbering. The organization also mandates that subnet CIDR blocks be sized as small as possible while still meeting the projected need. Which CIDR block should the architect assign to the web tier subnet?